
1. Business Process Management & IT


Business Process Management (BPM) is based on the observation that each product
that a company provides to the market is the outcome of a number of activities
performed. Business process activities can be performed manually by the
company’s employees or with the help of information systems.

Some of the concepts that are used in BPM are:

Six Sigma is a set of strategies, techniques, and tools for process
improvement. It seeks to improve the quality of process outputs by
identifying and removing the causes of defects and minimizing variability in
manufacturing and business processes. It was developed by Motorola in
1986.

Total Quality Management (TQM): The continuous process of reducing or
eliminating errors in manufacturing, streamlining supply chain management,
improving the customer experience and ensuring that employees are up-to-speed
with their training. While TQM shares much in common with the Six Sigma
improvement process, it is not the same as Six Sigma. While TQM focuses on
ensuring that internal guidelines and process standards reduce errors, Six Sigma
looks to reduce defects.

What is a Process: A process is defined as a sequence of events that uses
inputs to produce outputs. From a business perspective, a process is a
coordinated and standardized flow of activities performed by people or
machines.

Process Management: Process management is based on a view of an organization
as a system of interlinked processes.

Business Process Management (BPM): BPM may be defined as: “The achievement
of an organization’s objectives through the improvement, management and
control of essential business processes”.

• Achievement: Realizing the strategic objectives as outlined in the
  organization’s strategic plan.

• Organization: The organization in this context refers to an
  enterprise or parts of an enterprise.

• Objectives: The objectives of a BPM implementation range from the
  strategic goals of the organization. BPM is not an objective in itself,
  but rather a means to achieving an objective.

• Improvement: It is about making the business processes more
  efficient and effective.

• Management: It refers to the process and. By this we mean
  arranging the people, their skills, motivation, performance
  measures, rewards, the processes themselves and the structure and
  systems necessary to support a process.

• Control: It has been said that BPM is about managing our end-to-end
  business, and if we cannot measure something, we cannot control
  and manage it.

• Essential: Not every process in an organization contributes towards
  the achievement of the organization’s strategic objectives. Essential
  processes are the ones that do.

BPM Principles and Practices

BPM Principles:

1. BPM’s first principle is that processes are assets that create value
   for customers. They are to be continuously improved. Core
   processes, and processes that generate the most value to
   customers, should be carefully managed.

2. A managed process produces consistent value to customers.
   Management of processes entails the tasks of measuring,
   monitoring, controlling, and analyzing business processes.
   Measuring of business processes provides information
   regarding these business processes. Process information allows
   organizations to predict, recognize, and diagnose process
   deficiencies, and it suggests the direction of future improvements.

3. The third principle is continuous improvement of processes.
   The business environment usually dictates that organizations
   need to improve to stay competitive.

BPM Practices:

• Appoint process owners
• Senior management needs to commit and drive BPM
• Continuously train the workforce
• Align employee bonuses and rewards to business process performance

Business Processes and Process Flow

Organizations have many different business processes such as completing a sale,
purchasing raw materials, paying employees, etc.

Some of the key Business Processes pertaining to accounting, sales and purchase
are explained below:

Accounting:-

Accounting covers the business processes involved in recording and processing
accounting events of a company, which will include the following transactions:

(a) Source Document: a document that captures data from transactions and
    events (e.g. Invoice, Cash Receipt).
(b) Journal: transactions are recorded into journals from the source
    document.
(c) Ledger: entries are posted to the ledger from the journal.
(d) Trial Balance: unadjusted trial balance containing totals from all account
    heads is prepared.
(e) Adjustments: appropriate adjustment entries are passed.
(f) Adjusted Trial balance: the trial balance is finalized post adjustments.
(g) Closing entries: appropriate entries are passed to transfer accounts to
    financial statements.

Sales:-

The typical life cycle of a sales transaction may include the following
transactions:

(i) Customer Order: a purchase order received from a customer specifying the
type, quantity and agreed prices for products.

(ii) Recording: availability of the items is checked and customer order is booked.

(iii) Pick release: the items are moved from the warehouse to the staging area.

(iv) Shipping: the items are loaded onto the carrier for transport to the customer.
(v) Invoice: invoice of the transaction is generated and sent to the customer.

(vi) Receipt: money is received from the customer against the invoices.

(vii) Reconciliation: the bank reconciliation of all the receipts is performed.

Purchase:-

The typical life cycle of a purchase transaction may include the following
transactions:

(a) Purchase requisition: a document is prepared requesting the
    purchase department to place an order with the vendor specifying
    the quantity and time frame.

(b) Request for quote: an invitation is sent to the vendors to join a
    bidding process for specific products.

(c) Quotation: the vendors provide cost quotations for the supply of
    products.

(d) Purchase order: a commercial document is issued to the vendor
    specifying the type, quantity and agreed prices for products.

(e) Receipts: the physical receipt of goods and invoices.

(f) Payments: the payments are made against the invoices.

Classification of Business Processes

Business processes are broadly classified into two categories. These are:

1. ‘Organizational’ Business Processes and
2. ‘Operational’ Business Processes.

Organizational business processes: These are high-level processes
that are typically specified in textual form by their inputs, their
outputs, their expected results and their dependencies on other
organizational business processes. A process to manage incoming raw
materials provided by a set of suppliers is an example of an
organizational business process.

The strategy of a company, its goals, and its organizational business
processes can be described in plain text, enriched with diagrams.

Organizational business processes are influenced by the business strategy of
the enterprise, i.e., by the target markets, by business strategies
opening new opportunities, and, in general, by the overall strategic
goals of the enterprise.

Operational Business Processes: These are the processes that
constitute the core business and create the primary value stream. A few
examples of operational processes are purchasing, manufacturing,
advertising, marketing and sales.

BPM Implementation

Factors to consider in implementing BPM:

• Scope: A single process, a department, the entire company
• Goals: Process understanding, improvement, automation, re-engineering,
  optimization
• Methods to be used: Six Sigma, BPM Life Cycle Method, TQM, Informal
  methods
• Skills Required: Consultants, Train Employees, Formal Certification, Basic
  Education, Existing Skill sets
• Tools to be used: White-Boards, Sticky Notes, Software For Mapping,
  Software for Simulation
• Investments to Make: Training, Tools, Time

Need for a BPM implementation:

• Create the long-term future positioning of the business and enhance its
  future capability;

• Create short-term cost effectiveness and improvement to current
  customer service;

• Initiate continuous improvement from the base of the current, but
  improved, processes;

• Introduce a knowledge of product and customer profitability;

• Re-engineer the business radically and provide clear future competitive
  differentiation;

• Address the cultural barriers that prevent effective cross-functional and
  hierarchical working;

• Introduce leadership and a role for managers and empowered staff.

BPM Technology

BPM = Process and Organization (including people) + Technology

By including Technology in BPM, the organization can manage the flow of
activities across different applications and the people involved, and can also
reduce execution time.

Value Chain Automation

Value chain refers to separate activities which are necessary to strengthen
an organization's strategies. Value Chain Analysis is a useful tool for
working out how we can create the greatest possible value for our
customers.

Six business functions of the value chain are as follows:

(i) Research and development
(ii) Design of products, services, or processes
(iii) Production
(iv) Marketing and Sales
(v) Distribution
(vi) Customer service

Benefits & Risks in Business Process Automation (BPA)

BPA is a strategy to automate business processes so as to bring
benefit to the enterprise in terms of cost, time and effort. The key
benefits and risks of BPA are given below:

• Benefits:-

Saving on costs: Automation leads to saving in time and labour costs.

Staying ahead in competition: Today, in order to survive, businesses
need to adopt automation.

Fast service to customers: Business managers realized that
automation could help them to serve their customers faster and
better.

• Risks:-

Risk to jobs: Jobs that were earlier performed manually by several
employees would be mechanized post-automation,
thereby posing a threat to jobs.

False sense of security: Automating poor processes will not gain better
business practices.

Accounting Systems Automation

An Accounting Information System (AIS) is defined as a system
of collection, storage and processing of financial and accounting data that is
used by decision makers. An accounting information system is generally a
computer-based method for tracking accounting activity.

Basic Functions of an Accounting Information System (AIS)

(i) Collect and store data: Collect and store data about the
    organization’s business activities and transactions by capturing
    transaction data from source documents and posting data from
    journals to ledgers.

(ii) Record transaction: Record transactions data into journals.
    These journals present a chronological record of what occurred
    and provide management with information useful for decision
    making.

(iii) Safeguarding organisational assets: The two important
    methods for accomplishing this objective are providing
    adequate documentation of all business activities and an
    effective segregation of duties. Documentation allows
    management to verify that assigned responsibilities were
    completed correctly. Segregation of duties refers to dividing
    responsibility.
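
The two safeguards named in (iii), documentation and segregation of duties, can be checked against a transaction journal. The Python code below is an added example, not part of the original notes; it uses the purchase life-cycle steps listed earlier, and the conflict rules, the required-document rule, the journal layout and every sample entry are assumptions constructed for illustration.

```python
from collections import defaultdict

# Purchase life-cycle steps as listed in these notes, in order.
STEPS = ["requisition", "rfq", "quotation", "purchase_order", "receipt", "payment"]

# Assumption (not from the notes): pairs of steps one person must not both perform
# on the same transaction.
CONFLICTS = {
    frozenset({"purchase_order", "receipt"}),
    frozenset({"purchase_order", "payment"}),
    frozenset({"receipt", "payment"}),
}

# Assumption: documents that must already be on file when a payment is recorded.
REQUIRED_BEFORE_PAYMENT = ("purchase_order", "receipt")

# Constructed sample journal: (sequence number, transaction id, step, user).
SAMPLE_LOG = [
    (1, "PO-1001", "requisition", "asha"),
    (2, "PO-1001", "purchase_order", "bilal"),
    (3, "PO-1001", "receipt", "chen"),
    (4, "PO-1001", "payment", "dara"),
    (5, "PO-1002", "requisition", "asha"),
    (6, "PO-1002", "purchase_order", "bilal"),
    (7, "PO-1002", "receipt", "chen"),
    (8, "PO-1002", "payment", "bilal"),        # same user ordered and paid
    (9, "PO-1003", "purchase_order", "erin"),
    (10, "PO-1003", "payment", "farid"),       # paid with no goods receipt on file
    (11, "PO-1004", "payment", "gita"),        # paid before any document existed
    (12, "PO-1004", "purchase_order", "hugo"),
    (13, "PO-1004", "receipt", "ivan"),
]


def _by_transaction(log):
    """Group journal entries per transaction, in chronological (sequence) order."""
    txns = defaultdict(list)
    for seq, txn, step, user in sorted(log):
        if step not in STEPS:
            raise ValueError(f"unknown step {step!r} in entry {seq}")
        txns[txn].append((seq, step, user))
    return txns


def segregation_violations(log):
    """Return (txn, user, (step_a, step_b)) where one user did conflicting steps."""
    findings = []
    for txn, entries in _by_transaction(log).items():
        steps_by_user = defaultdict(set)
        for _seq, step, user in entries:
            steps_by_user[user].add(step)
        for user, steps in steps_by_user.items():
            for pair in CONFLICTS:
                if pair <= steps:
                    ordered = tuple(sorted(pair, key=STEPS.index))
                    findings.append((txn, user, ordered))
    return sorted(findings)


def documentation_gaps(log):
    """Return (txn, missing_step) for payments made before a required document."""
    findings = []
    for txn, entries in _by_transaction(log).items():
        seen = set()
        for _seq, step, _user in entries:
            if step == "payment":
                for needed in REQUIRED_BEFORE_PAYMENT:
                    if needed not in seen:
                        findings.append((txn, needed))
            seen.add(step)
    return sorted(findings)


if __name__ == "__main__":
    for finding in segregation_violations(SAMPLE_LOG):
        print("segregation of duties:", finding)
    for finding in documentation_gaps(SAMPLE_LOG):
        print("missing documentation:", finding)
```

A document recorded after the payment it supports (PO-1004 in the sample) is reported as missing, because the check follows the journal's chronological order.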

Processing Cycles of an Accounts BPM

(i) Financing Cycles: A transaction processing cycle combines one
    or more types of transactions having related features or similar
    objectives. The cycle consists of a set of transactions leading to
    the recognition of a major economic event on the financial
    statements. It is through the study of transaction cycles that we
    gain a clear view of a firm’s processing framework.

(ii) Revenue Cycle: It includes transactions surrounding the
    recognition of revenue involving accounts like Sales, Accounts
    Receivable, Inventory and General Ledger. It involves capturing and
    recording of customer orders; shipment of the goods; recording of the
    cost of goods sold; the billing process and the recording of sales and
    accounts receivable; and the capturing and recording of cash receipts.

(iii) Expenditure Cycle: It includes transactions surrounding the
    recognition of expenditures involving accounts like Purchases,
    Accounts Payable, Cash Disbursements etc.
    It includes preparation and recording of purchase orders;
    receipt of goods and the recording of the cost of inventory; and
    also includes the preparation of employee paychecks.

(iv) Human Resource Cycle

    Source Document     Function
    W4 forms            Collect employee withholding data.
    Time cards          Record time worked by employees.
    Job time tickets    Record time spent on specific jobs.

(vi) Data Processing Cycle: It may be noted that all the above processing
    cycles involve data processing activities, the data from which is
    updated and stored. The stored information has details about
    the resources affected by the event and people / personnel who
    participated in the activity.

    If the process of updating the stored data is periodic, it is
    referred to as batch processing, and if it involves immediate
    updating as each transaction occurs, it is referred to as on-line,
    real-time processing.

Impact of IT on BPM and Risks of failure of IT

BPM Systems or suites (BPMS) are a new class of software that allow enterprises
to devise process-centric IT solutions.

Benefits of BPMS

BPMS, as a technology, can deliver endless benefits to an organization of any
size, but more importantly these benefits are unique to a company:

(a) Automating repetitive business processes: Automating processes such as
    report creation reduces the manual operational costs and
    helps employees to concentrate on activities that are important
    to the success of business.

(b) BPMS works by 'loosely coupling' with a company's existing
    applications: This enables it to monitor, extract, format and
    distribute information to systems and people, in line with
    business events or rules.

(c) Operational Savings: BPM focuses on optimization of processes.
    The processes that are repetitive are optimized and lead to
    reduced expenses which translate to immediate cost savings. For
    example, in terms of the ROI of BPM, by automating a task that
    requires six hours of manual intervention, one can expect to cut
    that time to half.

(d) Reduction in the administration involved in Compliance Standards:
    Be it a quality assurance initiative such as the ISO (International
    Organization for Standardization) standards, a financial audit
    law, or an IT systems best-practice implementation, companies
    worldwide are seeing the need to manage compliance as part of
    their everyday business activities. BPM is ideally suited to
    help support companies in their quest for process improvement
    and compliance/governance certification. It gives full control
    over process and document change, clarity of inherent risks, and
    ease with which process knowledge is communicated across the
    company.

(e) Freeing-up of employee time: While the proverb “time is
    money” is often over-used, it is very relevant to this topic,
    because in business, for each additional hour it takes to
    complete a manual business process, there is a hard cost
    associated with employee time as well as soft costs associated
    with losing business or lowered productivity. Another area
    where time comes into play is in opportunity costs.

Business Risks of failure of IT

Some of the other reasons for failure of BPMS include:

• Superficial or deficient executive involvement

• Not flexible enough or too complicated to be customized to meet the
  precise workflow and business process.

• Failure to identify future business needs

• Persistent compatibility problems with the diverse legacy systems of the
  partners.

• Software fails to meet business needs

• System may be over-engineered when compared to the actual
  requirements.

• Technological obsolescence.

Business Process Reengineering

“Business Process Reengineering (BPR) is defined as the fundamental rethinking
and radical redesign of business processes to achieve dramatic improvements in
critical contemporary measures of performance such as cost, quality and speed.”

This has a few important key words, which need clear understanding:

Dramatic achievement means to achieve 80% or 90% reduction (in,
say, delivery time, work in progress or rejection rate) and not just
5% or 10% reduction. This is possible only by making major
improvements and breakthroughs, and not small incremental
changes like in Total Quality Management (TQM).

Radical redesign means BPR is reinventing and not enhancing or
improving. In a nutshell, a “clean slate approach” of BPR says
that “Whatever you were doing in the past is all wrong”; do not
get biased by it or reassemble it; the new system is to be
redesigned afresh.

Fundamental rethinking means asking the question “why do you do
what you do”, thereby eliminating a business process altogether
if it does not add any value to the customer. There is no point in
simplifying or automating a business process which does not add
any value to the customer.

BPR Success factors

BPR implies not just change but dramatic change in the way a business
functions. Some of the key factors for BPR projects to succeed are:

(i) Organization wide commitment: Changes to business
    processes would have a direct impact on processes,
    organisational structures, work culture, and job
    competencies. This requires strong leadership and support from
    the top management. Top management not only has to
    recognise the need for change but also has to convince every
    affected group.

(ii) BPR team composition: A BPR team is formed which would
    be responsible to take the BPR project forward and make key
    decisions and recommendations. The BPR team would
    include active representatives from top management,
    business process owners, technical experts and users. It is
    important that the teams be kept to a manageable size
    (say 10 members) to ensure well-coordinated, effective and
    efficient completion of the entire BPR process.

(iii) Business needs analysis: It is important to identify exactly
    what current processes need reengineering. This would help
    determine the strategy and goals for BPR. A series of sessions
    are held with the process owners and stakeholders and all the
    ideas would be evaluated to outline and conceptualize the
    desired business process. The outcome of this analysis would
    be BPR project.

(iv) Adequate IT infrastructure: Adequate investment in IT
    infrastructure is of vital importance for successful BPR
    implementation.

(v) Effective change management: BPR involves changes in
    people behaviour and culture, processes and technologies.
    Hence, resistance would be a natural consequence which
    needs to be dealt with effectively. The success of BPR
    depends on how effectively management conveys the need
    for change to the people.

(vi) Ongoing continuous improvement: BPR is an ongoing
    process, hence innovation and continuous improvement are
    key to the successful implementation of BPR.

3. Computer Networks & Network Security

Classifications of Networks:

1. Class I: Function Based Classification

   Data Network: A communication network that transmits data.

   Voice Network: A communication network that transmits voice.

   Multimedia Network: A communication network that transmits data, voice,
   image, video etc.

2. Class II: Area Coverage Based Classification

   LAN: A Local Area Network (LAN) is a group of computers and
   network devices connected together, usually within the
   same building, campus or spanned over limited distance. It
   provides high speed data transfer and is relatively
   inexpensive.

   MAN: A Metropolitan Area Network (MAN) is a larger network that
   usually spans in the same city or town. Cable network is an
   example of a MAN.

   WAN: A Wide Area Network (WAN) is not restricted to a
   geographical location, although it might be confined within
   the bounds of a state or country. The technology is high
   speed and relatively expensive. The Internet is an example
   of a world-wide public WAN.

3. Class III: Forwarding-based Classification

   Switched Network: A Switched Network is a type of network that provides a
   switched communication system and in which users are connected
   with each other through circuits, packets, sometimes
   message switching and the control devices. Active network
   elements like switches, routers, gateways etc. participate in
   communication. The public switched telephone network is an
   example of switched networks.

   Shared Network: A Shared Network is also known as a Hubbed Network, which
   is connected with a hub. When packets arrive in the
   network, all segments can see the packets. A LAN using a hub is
   an example of shared networks.

   Hybrid Networks: Network comprising the features of switched and shared
   networks.

4. Class IV: Ownership-based Classification

   Public Network: A network established for all users across the world is
   known as a public network. The Internet is an example of a public network.

   Private Network: A Private Network is used by a particular organization,
   particular campus or particular enterprise only. This is a
   network that is not available to the outside world. Intranet
   is an example of it.

   Virtual Private Network (VPN): A Virtual Private Network (VPN) is a network
   that uses a public network, such as the Internet, to provide secure
   access to organization's private network. A key feature of
   a VPN is its

   Leased Network: Dedicated or leased lines exist to support network
   communication.

5. Class V: Media-based Classification

   Wired Network: Network communication supported by physical (wired)
   medium.

   Wireless Network: Network communication supported by wireless medium.

Area coverage based classification is discussed below:

(i) Local Area Networks (LAN): A typical LAN connects as many as a
hundred or so microcomputers that are located in a relatively small
area, such as a building or several adjacent buildings. Organizations
having their own LAN enable their multiple users to share software,
data, and devices. LANs use high-speed media (1 Mbps to 30 Mbps
or more) and are mostly privately owned and operated.

Following are the salient features of LAN:

• Multiple user computers connected together.

• Machines are spread over a small geographic region.

• Communication channels between the machines are usually privately
  owned.

(ii) Metropolitan Area Networks (MAN): A Metropolitan Area
Network (MAN) is somewhere between a LAN and a WAN. The term
MAN is sometimes used to refer to networks which connect systems
or local area networks within a metropolitan area (roughly 40 km in
length from one point to another). MANs are based on fiber optic
transmission technology and provide high speed (10 Mbps or so)
interconnection between sites.

A MAN can support both data and voice. Cable television networks are
examples of MANs that distribute television signals. A MAN just has one or
two cables and does not contain switching elements.

(iii) Wide Area Networks (WAN): A WAN covers a large geographic
area with various communication facilities such as long distance
telephone service, satellite transmission, and under-sea cables.
Examples of WANs are interstate banking networks and airline
reservation systems. Wide Area Networks typically operate at lower
link speeds (about 1 Mbps). Following are the salient features of
WAN:

• Multiple user computers connected together.

• Machines are spread over a wide geographic region.

• Communications channels between the machines are usually
  furnished by a third party (for example, the Telephone
  Company, a public data network, a satellite carrier).

• Channels are of relatively low capacity (measuring throughput in kilobits
  per second, Kbits/s).

Network Architecture

Network architecture refers to the layout of the network, consisting of the
hardware, software, connectivity, communication protocols and mode of
transmission, such as wired or wireless. Every computer network supports two
basic network architectures: Client-Server and Peer-to-Peer.

1. Client-Server: Client-Server network consists of servers and clients.
Servers are typically powerful computers running advanced network
operating systems and user workstations (clients) which access data or
run applications located on the servers.

Advantages:

(i) A client server can be scaled up to many services that can also be
used by multiple users.
(ii) A client server enables the roles and responsibilities of a
computing system. This means that it can update all the
computers connected to it. An example of this would be software
updates or hardware updates.
(iii) All the data is stored on the servers, which generally have far
greater security controls than most clients.

Disadvantages:

(i) When the server goes down or crashes, all the computers connected to
it become unavailable to use.

(ii) Simultaneous access to data and services by users takes a little more
time for the server to process the task.

2. Peer-to-Peer: In Peer-to-Peer architecture, there are no dedicated
servers. All computers are equal, and therefore, are termed as peers. This
arrangement is suitable for environments with a limited number of users
(usually ten or less).

Advantages:

(i) Peer to Peer Networks are easy and simple to set up and only
require a Hub or a Switch to connect all the computers together.

(ii) It is very simple and cost effective.

(iii) If one computer fails to work, all other computers connected to it
continue to work.

Disadvantages:

(i) There can be a problem in accessing files if computers are not connected
properly.

(ii) It does not support connections with too many computers.

(iii) The data security is very poor in this architecture.

Components of a Network

There are five basic components in any network:

1. The sender (Source Host)

2. The communication interface devices

3. The communication channel (Medium)

4. The receiver (Destination Host)

5. Communication software

1. Source/Destination Host: A host is any computer on a network
that is a repository for services available to other computers on the
network. A host is simply an endpoint where users gain access to the
networks.

2. Communication Interface Devices:

(i) Network Interface Card (NIC): Every computer in a network has a special card
called a Network Interface Card (NIC) which provides the connector to attach the
network cable to a server or a workstation. The on-board circuitry then provides
the protocols and commands required to support this type of network card. An NIC
has additional memory for buffering incoming and outgoing data packets, thus
improving the network throughput. A slot may also be available for remote boot
PROM, permitting the board to be mounted in a diskless workstation.

Characteristics of NICs include following:

• NIC constructs, transmits, receives, and processes data to and from a
  host to network.

• Each NIC has an 8 bytes permanent and unique MAC (Media Access Control)
  address provided by the manufacturer. This address is also
  known as the Physical Address.

• The NIC requires drivers to operate.

(ii) Switch and Router: These are hardware devices used to direct messages
across a network. Switches create temporary point to point links between two
nodes on a network and send all data along that link. A router is a kind of
connecting device which makes forwarding decisions for data packets on the basis
of network addresses.
The primary purpose of a router is to examine the source and
destination IP addresses of data packets it receives and to direct
those packets out the appropriate port and over the best path
available at the time.

(iii) Hub: A hub is a multi-port connecting device that is used to interconnect
LAN devices. Each node is connected to the hub by means of simple twisted pair
wires. The hub then provides a connection over a higher speed link to other LANs,
the company’s WAN, or the Internet. A hub can be used to extend the physical
length of a network. Hubs can be active or passive.

(iv) Bridges, Repeaters and Gateways: Workstations in one network often
need access to computer resources in another network or another part of a WAN.
For example, an office manager using a local area network might want to access an
information service that is offered by a WAN over the public phone system. In order
to accommodate this type of need, bridges and routers are often necessary.

Bridges: The main task of a bridge computer is to receive and pass
data from one LAN to another. In order to transmit this data
successfully, the bridge magnifies the data transmission signal. This
means that the bridge can act as a repeater as well as a link.

Repeaters: These are devices that solve the problem of signal
degradation which results as data is transmitted along the various
cables. The repeater boosts or amplifies the signal before passing it
through to the next section of cable.

Gateways: Gateways are also similar to bridges in that they relay
data from network to network. They do not, as a rule, possess the
management facilities of routers but like routers they can translate
data from one protocol to another. Gateways are usually used to link
LANs of different topologies, e.g., Ethernet and Token Ring, so
enabling the exchange of data.

(v) MODEM: MODEM stands for Modulator/Demodulator. In the simplest
form, MODEM is defined as an encoding as well as decoding device used in data
transmission.

In other words, MODEM is a device that converts a digital computer signal into
an analog telephone signal (i.e. it modulates the signal) and converts an analog
telephone signal into a digital computer signal (i.e. it demodulates the signal)
in a data communication system.

Modems are used for handling data flow from an input device to the CPU and vice
versa through the common carrier network. MODEMs are required to
telecommunicate computer data with ordinary telephone lines because computer
data is in digital form but telephone lines are analogue.

(vi) Protocol converters: Dissimilar devices cannot communicate with each
other unless a strict set of communication standards is followed. Such standards
are commonly referred to as protocols. A protocol is a set of rules required to
initiate and maintain communication between a sender and receiver device. Thus, a
protocol converter is a device that provides interoperability amongst networking
devices by converting protocols of one device to another.

(vii) Multiplexer (MUX): This device enables several devices to share one
communication line. The multiplexer scans each device to collect and transmit data
on a single line to the CPU. It also communicates transmission from the CPU to the
appropriate terminal linked to the Multiplexer. This process of continuously
scanning by multiplexer is called Polling. The devices are polled and periodically
asked whether there is any data to transmit.

3. Communication Channel (Medium)

Communication or Transmission media is divided into two groups:

(i) Guided Media: Guided Transmission Media uses a "cabling" system that guides the
data signals along a specific path. The types of guided media are described as follows:

Twisted-Pair Cables: These are the most commonly used transmission media for
transmitting electrical signals. Twisted-pair cables contain pairs of insulated copper
wires twisted together. Twisting reduces the impact of interference. There are
two types of twisted-pair cable: Unshielded Twisted-Pair (UTP) cable and
Shielded Twisted-Pair (STP) cable. The main difference between them is that
STP cables are surrounded by additional shielding, which makes them more
secure and less prone to interference, but more expensive.

The cost of these cables is comparatively very low. Twisted-pair cables can carry data
at speeds of 10 Mbps, 100 Mbps and 1000 Mbps and can transmit data up to
100 meters.

Co-axial cables: Also called coax, these contain a central copper wire as the core,
surrounded by two layers of protective shielding. This shielding reduces
electromagnetic interference. Co-axial cables used in computer networks are
of two types: thick co-axial and thin co-axial cable. Coax can transmit data at a
maximum speed of 10 Mbps up to 500 meters.

Optical Fiber: An optical fiber (or fiber) as shown in Fig 3.4.3.3 is a glass or plastic
fiber that carries light along its length. Fibers are used instead of metal wires
because signals travel along them with less loss, and they are immune to
electromagnetic interference. Optical fiber cables permit transmission over
longer distances and at higher data rates (called bandwidth) than other forms
of communications.

(ii) Unguided Media: Unguided Transmission Media consists of a means for the data
signals to travel but nothing to guide them along a specific path. The data signals
are not bound to a cabling media and as such are often called Unbound Media.
Some of the common examples of unguided media are Radio wave, Microwave and
Infrared wave.

These are described as follows:


· Radio Waves: Wireless networks do not require any physical media
or cables for data transmission. Radio waves are an invisible form
of electromagnetic radiation that varies in wavelength from
around a millimeter to 100,000 km, making it one of the widest
ranges in the electromagnetic spectrum. Radio waves are the most
commonly used transmission medium in wireless Local Area
Networks.

· Micro Waves: Microwaves are radio waves with wavelengths
ranging from as long as one meter to as short as one millimeter.
These are used for communication, radar systems, radio
astronomy, navigation and spectroscopy.

· Infrared Waves: Infrared light is used in industrial, scientific, and
medical applications. Night-vision devices using infrared
illumination allow people or animals to be observed without
the observer being detected. Infrared tracking, also known as
infrared homing, refers to a passive missile guidance system
which uses the emission from a target of electromagnetic
radiation in the infrared part of the spectrum to track it.

4. Communications Software: Communications software manages the
flow of data across a network. It performs the following functions:

· Access control: Linking and disconnecting the different devices;
automatically dialing and answering telephones; restricting access
to authorized users; and establishing parameters such as speed,
mode, and direction of transmission.

· Network management: Polling devices to see whether they are
ready to send or receive data; queuing input and output;
determining system priorities; routing messages; and logging
network activity, use, and errors.

· Data and file transmission: Controlling the transfer of data, files, and
messages among the various devices.

· Error detection and control: Ensuring that the data sent was indeed the data
received.

· Data security: Protecting data during transmission from
unauthorized access.

Communication Satellites: Communication satellites use the atmosphere as the
medium to transmit signals. A satellite is a solar-powered electronic device
that receives, amplifies, and retransmits signals; the satellite acts as a relay
station between satellite transmission stations on the ground (earth stations).
They are used extensively for high-volume as well as long-distance communication
of both data and voice. It is a cost-effective method for moving large quantities of
data over long distances. However, satellites are very expensive to develop and
place in orbit and have an age limit of 7-10 years. Signals weaken over long
distances; weather conditions and solar activity can also cause noise interference.

Client: A client is a single-user workstation that provides presentation services
and the appropriate computing, connectivity and database services relevant to
the business need. Client computers can be classified as Fat Client, Thin Client or
Hybrid Client.

Fat / Thick Client: A fat client or thick client is a client that performs the
bulk of any data processing operations itself, and does not necessarily rely
on the server. Thick clients do not rely on a central processing server;
the server is accessed primarily for storage purposes.

Thin Client: Thin clients use the resources of the host computer. A thin
client generally only presents processed data provided by an application
server, which performs the bulk of any required data processing. A thin
client machine is going to communicate with a central processing server,
meaning there is little hardware and software installed on the user's
machine.

Hybrid Client: A hybrid client is a mixture of the above two client models.
Similar to a fat client, it processes locally, but relies on the server for
storing persistent data. This approach offers features from both the fat
client (multimedia support, high performance) and the thin client (high
manageability, flexibility). Hybrid clients are well suited for video
gaming.

Multi-Tier Architecture

Single Tier Systems / One-Tier Architecture

A single computer that contains a database and a front-end (GUI) to
access the database is known as a Single Tier System. Generally, this type
of system is used in small businesses.

One-tier architecture involves putting all of the required components for a
software application or technology on a single server or platform.

Advantages: A single-tier system requires only one stand-alone
computer. It also requires only one installation of proprietary
software, which makes it the most cost-effective system
available.

Disadvantages: It can be used by only one user at a time. A single tier
system is impractical for an organization which requires two or more
users to interact with the organizational data stores at the same time.

Two Tier Systems / Two Tier Architecture

A two-tier system consists of a client and a server. A two-tier architecture is
a software architecture in which a presentation layer or interface runs on a client,
and a data layer or data structure gets stored on a server. In other words, the
database is stored on the server, and the interface used to access the database is
installed on the client.

The advantages of Two-Tier systems are as follows:

- The system performance is higher.

- Since processing is shared between the client and server, more users can
interact with the system.

- Because of its simple structure, the entire system is easy to set up and
maintain.

The disadvantages of Two-Tier systems are as follows:

- Performance deteriorates if the number of users is greater than 100.

- There is restricted flexibility and choice of DBMS, since the data language
used in the server is proprietary to each vendor.

n-Tier Architecture

n-Tier Architecture is a client–server architecture in which presentation,
application processing, and data management functions are logically separated.
The most widespread use of multi-tier architecture is the Three-tier architecture.

The three tiers in three-tier architecture are as follows:

i. Presentation Tier: Occupies the top level and displays
information related to services available on a website. This
tier communicates with other tiers by sending results to the
browser and other tiers in the network.

ii. Application Tier: Also called the middle tier, logic tier or
business logic tier, this tier is pulled from the
presentation tier. It controls application functionality by
performing detailed processing.

iii. Data Tier: Houses database servers where information is
stored and retrieved. Data in this tier is kept independent of
application servers or business logic.

The following are the advantages of Three-Tier systems:

Clear separation of user-interface-control and data presentation
from application-logic: Through this separation more clients are able
to have access to a wide variety of server applications.

Dynamic load balancing: If problems in terms of performance
occur, the server process can be moved to other servers at
runtime.

Change management: It is easier and faster to exchange a
component on the server than to furnish numerous PCs with new
program versions.

The disadvantages of Three-Tier systems are as below:

It creates an increased need for network traffic management,
server load balancing, and fault tolerance.

Current tools are relatively immature and are more complex.

Ownership Based Classification of Networks

a. Public Data Network: A public data network is defined as a network
shared and accessed by users not belonging to a single organization. It is
a network established and operated by a telecommunications
administration, or a recognized private operating agency, for the specific
purpose of providing data transmission services for the public. The
Internet is an example of a Public Data Network.
b. Private Data Network: Private data networks provide businesses,
government agencies and organizations of all sizes a dedicated network
to continuously receive and transmit data critical to both the daily
operations and data for critical needs of the organization.
c. Virtual Private Networks (VPN): A VPN is a private network that uses a
public network (usually the Internet) to connect remote sites or users
together. The VPN uses "virtual" connections routed through the Internet
from the business's private network to the remote site or employee. By
using a VPN, businesses ensure security -- anyone intercepting the
encrypted data can't read it.

Network Computing

Centralized Computing: Centralized computing is computing done at a
central location, using terminals that are attached to a central computer. The
computer itself controls all the peripherals/clients connected to it.

This type of arrangement does have some disadvantages. The central
computer performs the computing functions and controls the remote terminals.
This type of system relies totally on the central computer. Should the central
computer crash, the entire system will "go down" (i.e. will be unavailable).

Decentralized Computing: Decentralized computing is the allocation of
resources, both hardware and software, to each individual workstation or office
location. In contrast, centralized computing exists when the majority of functions
are carried out at, or obtained from, a remote centralized location.

Network Topologies

Four basic topologies used in wide area and local area telecommunications
networks are the:

1. Star network (Refer Notes)

2. Ring network

3. Bus network

4. Mesh Network

Bus Network: In a bus network, a single length of wire, cable, or optical
fiber connects a number of computers. The features of a bus network are as
follows:

- All communications travel along this cable, which is called a bus.

- Bus networks have a decentralized approach.

Advantages of bus network include:

1. If one of the microcomputers fails, it will not affect the entire network.
2. Requires the least amount of cable to connect the computers together
and therefore is less expensive than other cabling arrangements.
3. Is easy to extend. Two cables can be easily joined with a connector,
making a longer cable for more computers to join the network.

Disadvantages of bus network include:

1. Heavy network traffic can slow a bus considerably since any computer
can transmit at any time.
2. Each connection between two cables weakens the electrical signal.

Ring Network:

A ring network is much like a bus network, except the length of wire, cable,
or optical fiber connects to form a loop. A ring network has a decentralized
approach. When one computer needs data from another computer, the data is
passed along the ring.

Advantages of ring network include:

1. Ring networks do not require a central computer to control activity nor
does it need a file server.
2. Each computer connected to the network can communicate directly
with the other computers in the network by using the common
communication channel, and each computer does its own independent
applications processing.

3. Ring networks are easily extendable.

4. Ring networks offer high performance for a small number of
workstations.

Disadvantages of ring network are:

1. Relatively expensive and difficult to install.
2. Failure of one computer on the network can affect the whole network.
3. Adding or removing computers can disrupt the network.

Mesh Network:

In this structure, there is random connection of nodes using communication
links. The reliability is very high as there are always alternate paths available if
a direct link between two nodes is down or dysfunctional. Only military installations,
which need a high degree of redundancy, may have such networks, and even then with a
small number of nodes.

Advantages of mesh network are as under:

1. Yields the greatest amount of redundancy: if one of the nodes fails,
the network traffic can be redirected to another node.

2. Network problems are easier to diagnose.

Disadvantage of mesh network is its high cost of installation and maintenance
(more cable is required than any other configuration).

Network Architectures and Protocols

Network architecture refers to the layout of the network, consisting of the
hardware, software, connectivity, communication protocols and mode of
transmission, such as wired or wireless.

Protocols: A protocol is the formal set of rules for communicating, including rules for
timing of message exchanges, the type of electrical connection used by the
communications devices, error detection techniques, means of gaining access to
communications channels, and so on. The goal of communications network
architectures is to create more standardization and compatibility among
communications protocols.

The OSI Model

The International Standards Organization (ISO) is working on the
establishment of a standard protocol for data transmission. They have developed
a seven-layer Open Systems Interconnection (OSI) model, which will include:

Layer 7 or Application Layer: The application layer of the OSI
architecture is closest to the end user, which means that both the OSI
application layer and the user interact directly with the software application.
This layer interacts with software applications and provides user services such as file
transfer, file sharing, etc.

Layer 6 or Presentation Layer: This layer, at times also referred to as the Syntax
Layer, is usually a part of an operating system that converts incoming and outgoing
data from one presentation format to another (for example, from a text stream into
a popup window with the newly arrived text). Encryption and data compression can
also be undertaken at this layer.

Layer 5 or Session Layer: The session layer manages a session by initiating
the opening and closing of sessions between end-user application processes. The
session layer supports full-duplex and half-duplex operations. For example, sessions
are implemented in live television programs in which the audio and video streams
emerging from two different sources are merged together.

Layer 4 or Transport Layer: The Transport Layer ensures the reliable arrival of
messages and provides error checking mechanisms. Multiplexing and
encryption are undertaken at this layer. This means that the
Transport Layer can keep track of the segments and retransmit those that
fail.

Layer 3 or Network Layer: The Network Layer provides the functional
and procedural means of transferring variable length data sequences from a
source to a destination via one or more networks, while maintaining the
quality of service requested by the Transport Layer. The Network Layer
makes a choice of the physical route of transmission.

Layer 2 or Data Link Layer: The Data Link Layer ensures that an initial
connection has been set up, divides output data into data frames, and handles the
acknowledgements from a receiver that the data arrived successfully. The Data
Link Layer responds to service requests from the Network Layer and issues service
requests to the Physical Layer. The Data Link Layer detects and possibly corrects errors
that may occur in the Physical Layer.

Layer 1 or Physical Layer: This includes the layout of pins, voltages, cable
specifications, hubs, repeaters, network adapters etc. It is the hardware layer
which specifies mechanical features as well as electromagnetic features of the
connection between the devices and the transmission.

The major functions and services performed by the Physical Layer are:

--Participation in the process whereby the communication resources
are effectively shared among multiple users. For example, contention
resolution and flow control.

--Establishment and termination of a connection to a communications medium.

Internet’s TCP/IP

Transmission Control Protocol/Internet Protocol is known as TCP/IP. TCP/IP is
used by the Internet and by all Intranets and extranets.

Many companies and other organizations are also converting their client/server
networks to TCP/IP.

Five levels of TCP/IP include:

1. Application or process layer

2. Host-to-Host Transport layer

3. Internet Protocol (IP)

4. Network Interface

5. Physical layer

Network Risks, Controls and Security

Threats and Vulnerabilities

Threat: A threat is anything that can disrupt the operation, functioning, integrity,
or availability of a network or system. Network security threats can be
categorized into four broad themes:

Unstructured Threats - These originate mostly from inexperienced individuals
using easily available hacking tools from the Internet. Many tools available to
anyone on the Internet can be used to discover weaknesses in a company's
network. Most of these kinds of probes are done more out of curiosity than with
malicious intent.

For example, if a company’s external web site is hacked, the company’s integrity
is damaged. Even if the external web site is separate from the internal information
that sits behind a protective firewall, the public does not know that. All they know
is that if the company’s web site is hacked, then it is an unsafe place to conduct
business.

Structured Threats - These originate from individuals who are highly motivated and
technically competent. They can understand as well as create hacking scripts to
penetrate network systems. Usually, these hackers are hired by industry
competitors or state-sponsored intelligence organizations.

External Threats - These originate from individuals or organizations working
outside an organization, who do not have authorized access to the organization’s
computer systems or network. They usually get access into a network from the
Internet or dialup access servers.

Internal Threats - These threats originate from individuals who have authorized
access to the network. These users either have an account on a server or physical
access to the network. An internal threat may come from a discontented former
or current employee. It has been seen that the majority of security incidents originate
from internal threats.

Vulnerability: Vulnerability is an inherent weakness in the design,
configuration, or implementation of a network or system that renders it susceptible
to a threat.

The following factors are responsible for the occurrence of vulnerabilities in software:

Software Bugs - Some bugs might not have serious effects on the
functionality of the program and may remain undetected for a long time. A
program might crash when serious bugs are left unidentified. Another
category of bugs, called security bugs, may allow a malicious user to bypass
access controls and obtain unauthorized privileges.

Timing Windows - This problem may occur when a temporary file is
exploited by an intruder to gain access to the file, overwrite important data,
and use the file as a gateway for advancing further into the system.

Insecure default configurations - Insecure default configurations occur when
vendors use known default passwords to make it as easy as possible for
consumers to set up new systems. Unfortunately, most intruders know these
passwords and can access systems effortlessly.

Trusting Untrustworthy information - This is usually a problem that affects
routers, or those computers that connect one network to another. When
routers are not programmed to verify that they are receiving information
from a unique host, bogus routers can gain access to systems and do
damage.

End users - Generally, users of computer systems are not professionals and
are not always security conscious. For example, when the number of
passwords a user has increases, the user may start writing them down, in the
worst case in places where they are easy to find. In addition to this
kind of negligence towards security procedures, users also make human errors.
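
The "Timing Windows" weakness above, shown as an added example (not part of the original notes): a scratch file opened at a predictable path beside two hardened ways of creating it. The file names, directory layout and function names are assumptions made for the illustration, and the pre-existing link is a constructed test condition inside a throwaway sandbox directory.

```python
import os
import stat
import tempfile

PREDICTABLE_NAME = "report.tmp"  # hypothetical fixed scratch-file name


def write_scratch_unsafe(workdir, data):
    """Weak pattern: open a predictable path with plain open().

    open(..., "w") follows symbolic links and truncates whatever is already
    there, so whoever creates the path first decides where the data lands.
    """
    path = os.path.join(workdir, PREDICTABLE_NAME)
    with open(path, "w") as fh:
        fh.write(data)
    return path


def write_scratch_exclusive(workdir, data):
    """Same name, but creation is atomic: with O_CREAT | O_EXCL the call
    fails if anything, including a symbolic link, already exists there."""
    path = os.path.join(workdir, PREDICTABLE_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def write_scratch_mkstemp(workdir, data):
    """Preferred: mkstemp picks an unpredictable name and creates the file
    exclusively, readable and writable by the owner only."""
    fd, path = tempfile.mkstemp(prefix="report-", suffix=".tmp", dir=workdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def _read(path):
    with open(path) as fh:
        return fh.read()


def demo():
    """Run all three variants against the same constructed precondition."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        important = os.path.join(sandbox, "important.cfg")
        workdir = os.path.join(sandbox, "scratch")
        os.mkdir(workdir)
        with open(important, "w") as fh:
            fh.write("ORIGINAL")
        # Constructed precondition: the predictable path already exists as a
        # link to another file before the program creates its scratch file.
        os.symlink(important, os.path.join(workdir, PREDICTABLE_NAME))

        write_scratch_unsafe(workdir, "scratch data")
        results["important_after_unsafe"] = _read(important)

        with open(important, "w") as fh:  # restore before the safe variants
            fh.write("ORIGINAL")
        try:
            write_scratch_exclusive(workdir, "scratch data")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True

        path = write_scratch_mkstemp(workdir, "scratch data")
        mode = stat.S_IMODE(os.stat(path).st_mode)
        results["important_after_safe"] = _read(important)
        results["mkstemp_used_new_name"] = os.path.basename(path) != PREDICTABLE_NAME
        results["mkstemp_group_other_bits"] = mode & 0o077
        results["mkstemp_content"] = _read(path)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The example relies on POSIX symbolic links, so it is meant to be run on Linux or macOS.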

Level of Network Security

Security programs involve the following eight steps:

(i) Preparing project plan for enforcing security: The project plan
components include the objectives of the review, the scope of the review
and tasks to be accomplished, assigning tasks to the project team after
organizing it, and preparing the resources budget.
(ii) Asset identification: Assets which need to be safeguarded can be
identified and subdivided into Personnel, Hardware, Facilities, Data,
Software.
(iii) Asset valuation: This step of valuation of assets can pose a difficulty. The
process of valuation can differ depending on who is asked to render the
valuation, the way in which the asset can be lost, the period for which
it is lost and how old the asset is.
(iv) Threat identification: The source of a threat can be external or internal
and the nature of a threat can be accidental / non-deliberate or
deliberate.
(v) Threats probability of occurrence assessment: This step is an
assessment of the probability of occurrence of threats over a given time
period.
(vi) Exposure analysis: This step analyses exposures by first identifying
the controls in place, secondly assessing the reliability of the existing
controls, thirdly evaluating the probability that a threat can be successful
and lastly assessing the resulting loss if the threat is successful.
(vii) Controls adjustment: This involves the adjustment of controls, which
means determining whether over some time period any control can be designed,
implemented and operated such that the cost of the control is lower than
the reduction in the expected losses.
(viii) Report generation outlining the levels of security to be provided for
individual systems, end user, etc.: This is the last step, which involves
report generation documenting the findings of the review.
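
Steps (v) to (viii) carried through with numbers, as an added example that is not part of the original notes. It assumes a one-year review period and that controls act independently, so the probability that a threat succeeds is its probability of occurrence multiplied by each control's chance of failing; the assets, probabilities, losses and costs are constructed sample values.

```python
from dataclasses import dataclass, field
from math import prod


@dataclass(frozen=True)
class Control:
    name: str
    reliability: float   # probability the control stops the threat (0..1)
    annual_cost: float   # cost of designing and operating it for the period

    def __post_init__(self):
        if not 0.0 <= self.reliability <= 1.0:
            raise ValueError(f"{self.name}: reliability must be between 0 and 1")


@dataclass
class Exposure:
    asset: str                  # step (ii): asset identification
    threat: str                 # step (iv): threat identification
    loss_if_successful: float   # steps (iii) and (vi): valuation / resulting loss
    p_occurrence: float         # step (v): probability over the review period
    controls: list = field(default_factory=list)  # step (vi): controls in place

    def __post_init__(self):
        if not 0.0 <= self.p_occurrence <= 1.0:
            raise ValueError(f"{self.threat}: probability must be between 0 and 1")

    def p_success(self, extra=()):
        # Assumption: controls fail independently of one another.
        blockers = list(self.controls) + list(extra)
        return self.p_occurrence * prod(1.0 - c.reliability for c in blockers)

    def expected_loss(self, extra=()):
        return self.p_success(extra) * self.loss_if_successful


def evaluate_control(exposure, candidate):
    """Step (vii): a control is justified only if it costs less than the
    reduction in expected loss it brings."""
    before = exposure.expected_loss()
    after = exposure.expected_loss([candidate])
    reduction = before - after
    return {
        "asset": exposure.asset,
        "threat": exposure.threat,
        "control": candidate.name,
        "expected_loss_before": before,
        "expected_loss_after": after,
        "reduction": reduction,
        "annual_cost": candidate.annual_cost,
        "justified": candidate.annual_cost < reduction,
    }


def build_report(pairs):
    """Step (viii): findings ordered by net benefit (reduction minus cost)."""
    rows = [evaluate_control(exposure, control) for exposure, control in pairs]
    rows.sort(key=lambda r: r["reduction"] - r["annual_cost"], reverse=True)
    return rows


def sample_review():
    """Constructed sample data for two exposures and one candidate control each."""
    router = Exposure(
        asset="Branch router admin interface",
        threat="Login with vendor default password",
        loss_if_successful=200_000,
        p_occurrence=0.5,
        controls=[Control("Firewall rule limiting admin access", 0.6, 2_000)],
    )
    wan_link = Exposure(
        asset="Branch WAN link",
        threat="Accidental cable cut",
        loss_if_successful=50_000,
        p_occurrence=0.1,
    )
    return build_report([
        (router, Control("Replace default credentials and audit", 0.9, 5_000)),
        (wan_link, Control("Redundant leased line", 0.8, 12_000)),
    ])


if __name__ == "__main__":
    for row in sample_review():
        verdict = "adopt" if row["justified"] else "reject"
        print(f'{row["control"]}: reduction {row["reduction"]:.0f}, '
              f'cost {row["annual_cost"]:.0f} -> {verdict}')
```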

Network Security Protocols

Network Security Protocols are primarily designed to prevent any unauthorized
user, application, service or device from accessing network data.

Cryptography: The art of protecting information by transforming it (encrypting it)
into an unreadable format, called cipher text. Only those who possess a secret
key can decipher (or decrypt) the message into plain text. Encrypted messages
can sometimes be broken by cryptanalysis, also called code-breaking, although
modern cryptography techniques are virtually unbreakable.

Encryption: In cryptography, encryption is the process of encoding
messages (or information) in such a way that hackers cannot read them, but
only authorized parties can.

There are two basic approaches to encryption:

(i) Hardware encryption devices are available at a reasonable cost,
and can support high-speed traffic. If the Internet is being used to
exchange information among branch offices or development
collaborators, for instance, use of such devices can ensure that all
traffic between these offices is secure.

(ii) Software encryption is typically employed in conjunction with
specific applications. Certain electronic mail packages, for example,
provide encryption and decryption for message security.

Some of the popular network security protocols include:

SSH - Secure Shell is a program to log into another computer over a
network, to execute commands on a remote machine, and to move files
from one machine to another. An attacker cannot hijack the connection
when encryption is enabled. During SSH login, the entire login session,
including transmission of the password, is encrypted; therefore it is almost
impossible for an outsider to collect passwords.

SFTP – The SSH File Transfer Protocol (also known as Secure FTP and SFTP)
is a computing network protocol for accessing and managing files on
remote file systems. Unlike standard File Transfer Protocol (FTP), SFTP
encrypts both commands and data, preventing passwords and sensitive
information from being transmitted in the clear over a network.

HTTPS – Hypertext Transfer Protocol Secure (HTTPS) is a
communications protocol for secure communication over a
computer network, with especially wide deployment on the
Internet. HTTPS uses a short-term session key to encrypt
the data flow between client and server.

For instance, you might log into your bank account on the Web. You
will have to enter a user name and password, and after that
you'll see your account info. Pay attention the next time you do this,
and check the address bar at the top of your browser. It should
indicate that you are now in a secure session with the addition of
"https" at the front of the URL.

Network Security Techniques

1) Firewall: A firewall is a system designed to prevent unauthorized access to or from a
private network. All messages entering or leaving the intranet pass through the firewall,
which examines each message and blocks those that do not meet the specified security
criteria. Firewalls can be either hardware or software. Software firewalls are installed on
your computer (like any software). Hardware firewalls can be purchased as a stand-alone
product but are also typically found in broadband routers.

Message authentication makes sure that a message is really from its original
sender and that it has not been tampered with. Regardless of a company’s
individual needs, clearly defined Internet security policies and procedures should
always be part of any corporate Internet security strategy.

Site Blocking is a software-based approach that prohibits access to certain Web
sites that are deemed inappropriate by management. For example, certain
organisations block social networking sites like Facebook, Twitter etc.
Companies can also log activities and determine the amount of time spent on
the Internet and identify the sites visited.

IDS Technologies: An Intrusion Detection System (IDS) is a device or software
application that monitors network or system activities for malicious activities.
Primary IDS technologies are defined as follows:

• Network Intrusion Detection (NID): Network Intrusion Detection System is
placed on a network to analyze traffic in search of unwanted or malicious
events on the wire between hosts. Typically referred to as "packet-sniffers",
network intrusion detection devices intercept packets traveling along
various communication mediums.
• Host-based Intrusion Detection (HID): Host-based Intrusion Detection
systems are designed to monitor, detect, and respond to user and system
activity and attacks on a given host. The difference between host-based and
network-based intrusion detection is that NID deals with data transmitted
from host to host while HID is concerned with what occurs on the hosts
themselves.
• Hybrid Intrusion Detection: Hybrid Intrusion Detection systems offer
management of and alert notification from both network and host-based
intrusion detection devices. Hybrid solutions provide the logical complement
to NID and HID - central intrusion detection management.
• Network-Node Intrusion Detection (NNID): Network-Node Intrusion
Detection was developed to work around the inherent flaws in traditional
NID. However, this “micro agent” is only concerned with packets targeted at
the network node on which it resides.
The fact that the NNIDS system is no longer expected to examine every single
packet on the wire, however, means that it can be much faster. Network
node's major disadvantage is that it only evaluates packets addressed to the
host on which it resides.

Network Administration and Management

In computer networks, network management refers to the activities, methods,
procedures, and tools that pertain to the operation, administration,
maintenance, and provisioning of networked systems.

• Operation deals with keeping the network (and the services that the network
provides) up and running smoothly.
• Administration deals with keeping track of resources in the network and
how they are assigned.
• Maintenance is concerned with performing repairs and upgrades—for
example, when equipment must be replaced.
• Provisioning is concerned with configuring resources in the network to
support a given service. For example, this might include setting up the
network so that a new customer can receive voice service.

Networks and the Internet

Internet Applications

The Internet can be used as a very effective medium for various applications such as:
• Electronic commerce transactions between businesses and their suppliers and
customers.
• The Internet provides electronic discussion forums formed and managed by
thousands of special-interest newsgroups.
• The Internet allows holding real-time conversations with other Internet users.
• The Internet allows gathering information through online services using web
browsers and search engines.

Business Use of the Internet

Business uses of the Internet include:

• Buying and selling products and services.
• Generating revenue through electronic commerce applications.
• Developing new information-based products accessible on the Web.
• Attracting new customers with innovative marketing and products.
• Enterprise communications and collaboration.

Intranet

An intranet is a network inside an organization that uses Internet technologies such
as web browsers and servers. An Intranet is protected by security measures such as
passwords, encryption, and firewalls, and thus can be accessed by authorized users
through the Internet.

The Business Value of Intranets: Intranet applications support
communications and collaboration, business operations and management.
These applications can be integrated with existing IS resources and
applications, and extended to customers, suppliers, and business partners.

Communications and Collaboration: Intranets can significantly improve
communications and collaboration within an enterprise. Examples include:

• Using an Intranet browser and workstation to send and receive
e-mail and voicemail.
• Using Intranet groupware features to improve team and project
collaboration with services such as discussion groups, chat rooms,
and audio and videoconferencing.

Business Operations and Management: Intranets are being used as the platform for
developing and deploying critical business operations like:

• Company newsletters, technical drawings, and product catalogs can
be published in a variety of ways and also can include web
broadcasting.
• Intranet software browsers, servers, and search engines can help to
easily navigate and locate the business information.

Extranets:

An extranet is a private network that uses Internet technology and the public
telecommunication system to securely share part of a business's information or
operations with suppliers, vendors, partners, customers, or other businesses. An
extranet can be viewed as part of a company's intranet that is extended to users outside
the company.

The business value of extranets is derived from several factors:

• Extranets make customer and supplier access to intranet resources a lot
easier and faster than previous business methods.
• Extranets enable and improve collaboration by a business with its customers
and other business partners.
• Extranets enable a company to offer new kinds of interactive Web-enabled
services to their business partners. Thus, extranets are another way that a
business can build and strengthen strategic relationships with its customers
and suppliers.
• Extranets facilitate an online, interactive product development, marketing, and
customer-focused process that can bring better designed products to market
faster.

Five Rules of the Extranet

Be as flexible as the business: An extranet must be driven by the demands of
the market, not the limitations of technology. It must be extremely flexible and
allow companies to immediately deploy extranet services that best fit the
business need.

Deploy in "Internet time": To deploy an extranet, companies shouldn't have to
roll out a new infrastructure. Enterprises must be able to deploy their extranet
quickly, and leverage their existing infrastructure to do so.

Protect the interests of the data owner: Extranet services need to be deployed in a
fast and flexible way, but with the complete assurance that only the correct users
can access the right services.

Serve the partner as a customer: An extranet presents a very important and
delicate balance: providing customer service to key partners (who might also
be customers). Partners should never be required to change their security
policies, networks, applications, and firewalls for the "good" of the extranet
community.

Drive information to the decision-maker: An extranet must provide a central means
to measure progress, performance, and popularity. Business units deploying
applications need to understand which extranet content and applications are most
successful.

Electronic Commerce

Benefits of e-Commerce

• Reduction in costs to buyers from increased competition in procurement as
more suppliers are able to compete in an electronically open marketplace.
• Reduction in time to complete business transactions, particularly from delivery
to payment.
• Creation of new markets through the ability to easily and cheaply reach
potential customers.
• Better quality of goods as specifications are standardized and competition is
increased
• Reduction in inventories and reduction of risk of obsolete inventories as the
demand for goods and services is electronically linked through just-in-time
inventory

Risks involved in e-Commerce

Problem of anonymity: There is a need to identify and authenticate users in the virtual
global market where anyone can sell to or buy from anyone, anything from anywhere.

Data loss, theft or duplication: The data transmitted over the Internet may be lost,
duplicated, tampered with or replayed.

Lack of audit trails: Audit trails in an e-Commerce system may be lacking and the logs
may be incomplete, too voluminous or easily tampered with.

Problem of piracy: Intellectual property may not be adequately protected when such
property is transacted through e-Commerce.

Attack from hackers: Web servers used for e-Commerce may be vulnerable to
hackers.

Repudiation of contract: There is a possibility that the electronic transaction in the
form of contract, sale order or purchase by the trading partner or customer may be
denied.
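
The data risks listed above (messages tampered with, duplicated or replayed in transit) are usually countered at the message level. The following is an added example, not part of the original notes: the order message format, the shared secret key and the names sign_order and OrderVerifier are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window for this example


def _canonical(order, nonce, ts):
    """Serialize the signed fields deterministically so both sides MAC the same bytes."""
    body = {"order": order, "nonce": nonce, "ts": ts}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_order(key, order, nonce, ts):
    """Sender side: attach an HMAC-SHA256 tag covering order, nonce and timestamp."""
    tag = hmac.new(key, _canonical(order, nonce, ts), hashlib.sha256).hexdigest()
    return {"order": order, "nonce": nonce, "ts": ts, "mac": tag}


class OrderVerifier:
    """Receiver side: rejects tampered, stale and replayed or duplicated messages.

    A shared-key MAC does not address repudiation: either key holder could have
    produced the tag. That risk needs digital signatures with per-party keys.
    """

    def __init__(self, key, now=time.time):
        self._key = key
        self._now = now
        self._seen = {}  # nonce -> timestamp of accepted messages still in the window

    def verify(self, msg):
        try:
            order, nonce, ts, mac = msg["order"], msg["nonce"], msg["ts"], msg["mac"]
        except (KeyError, TypeError):
            return "malformed"
        if not isinstance(mac, str) or not isinstance(nonce, str) or type(ts) is not int:
            return "malformed"

        # Integrity: recompute the tag and compare in constant time.
        expected = hmac.new(self._key, _canonical(order, nonce, ts), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), mac.encode("utf-8", "replace")):
            return "tampered"

        # Freshness: an authentic but old message is not accepted.
        now = int(self._now())
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return "stale"

        # Replay/duplicate: each nonce is accepted once inside the window.
        self._seen = {n: t for n, t in self._seen.items()
                      if abs(now - t) <= MAX_SKEW_SECONDS}
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = ts
        return "accepted"


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample value
    t0 = 1_700_000_000                       # constructed fixed clock
    verifier = OrderVerifier(key, now=lambda: t0)
    msg = sign_order(key, {"sku": "A1", "qty": 2}, "n-001", t0)
    print(verifier.verify(msg))                                        # first delivery
    print(verifier.verify(msg))                                        # same message again
    print(verifier.verify(dict(msg, order={"sku": "A1", "qty": 200})))  # altered quantity
```
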

Types of e-Commerce

A. Business-to-Business (B2B) e-Commerce

B2B refers to the exchange of services, information and/or products from one
business to another.

B2B electronic commerce typically takes the form of automated processes
between trading partners and is performed in much higher volumes than
Business-to-Consumer (B2C) applications.

B. Business-to-Consumer (B2C) e-Commerce

It is defined as the exchange of services, information and/or products from a
business to a consumer. Typically, a B2C e-Commerce business has a virtual store
front for consumers to purchase goods and services, eliminating the need to
physically view or pick up the merchandise.

The Business-to-Consumer (B2C) model can save time and money by doing
business electronically, but customers must be provided with safe and secure as
well as easy-to-use and convenient options when it comes to paying for
merchandise.

Advantages of B2C E-Commerce include:

(i) Shopping can be faster and more convenient.

(ii) Offerings and prices can change instantaneously.


(iii) Call centers can be integrated with the website.

(iv) Broadband telecommunications will enhance the buying experience.

C. Consumer-to-Business (C2B) e-Commerce

In the C2B e-Commerce model, consumers contact business vendors directly
by posting their project work online, so that companies that need the work can
review it and contact the consumer directly with a bid. The consumer reviews all
the bids and selects the company for further processing. Some examples are
guru.com, freelancer.com.

D. Consumer-to-Consumer (C2C) e-Commerce

C2C e-Commerce is an Internet-facilitated form of commerce that has existed
for the span of history in the form of barter, flea markets, swap meets, yard sales
and the like. C2C e-Commerce sites provide a virtual environment in which
consumers can sell to one another through a third-party intermediary.

E. Business-to-Government (B2G) e-Commerce

B2G e-Commerce, also known as e-Government, refers to the use of
information and communication technologies to build and strengthen
relationships between government and employees, citizens, businesses, non-
profit organizations, and other government agencies.

F. Business-to-Employee (B2E) e-Commerce

B2E e-Commerce, from an intra-organizational perspective, has provided the
means for a business to offer online products and services to its employees.

Key aspects to be considered in implementing e-Commerce

• Performing cost benefit analysis and risk assessment to ensure value delivery
• Implementing the right level of security
• Providing adequate user training
• Implementing appropriate policies, standards and guidelines

• Performing post implementation review

Mobile Commerce

Mobile Commerce or m-Commerce, is about the explosion of applications and
services that are becoming accessible from Internet-enabled mobile devices. M-
commerce (mobile commerce) is the buying and selling of goods and services
through wireless handheld devices such as cellular telephones. Known as next-
generation e-commerce, m-commerce enables users to access the Internet
without needing to find a place to plug in.

The industries affected by m-commerce include:


• Financial services, which includes mobile banking (when customers use their
handheld devices to access their accounts and pay their bills).
• Telecommunications, in which service changes, bill payment and account
reviews can all be conducted from the same handheld device.
• Service/retail, as consumers are given the ability to place and pay for orders
on-the-fly.
• Information services, which include the delivery of financial news, sports
figures and traffic updates to a single mobile device.

Electronic Fund Transfer

Electronic Funds Transfer (EFT) represents the way the business can receive direct
deposit of all payments from the financial institution to the company bank account.

These are some examples of EFT systems in operation:

Automated Teller Machines (ATMs): Consumers can do their
banking without the assistance of a teller, for example to make deposits, pay
bills, or transfer funds from one account to another electronically.
These machines are used with a debit or EFT card and a code, which
is often called a personal identification number or “PIN.”

Point-of-Sale (PoS) Transactions: Some debit or EFT cards
(sometimes referred to as check cards) can be used when shopping
to allow the transfer of funds from the consumer’s account to the
merchant’s. To pay for a purchase, the consumer presents an EFT
card instead of a check or cash. Money is taken out of the
consumer’s account and put into the merchant’s account
electronically.

Preauthorized Transfers: This is a method of automatically
depositing to or withdrawing funds from an individual’s account,
when the account holder authorizes the bank or a third party (such
as an employer) to do so. For example, consumers can authorize
direct electronic deposit of wages, social security, or dividend
payments to their accounts. Or they can authorize financial
institutions to make regular, ongoing payments of insurance,
mortgage, utility, or other bills.

Telephone Transfers: Consumers can transfer funds from one
account to another through telephone instructions rather than
traditional written authorization or instrument. The accounts being
debited can be checking or savings, for example. Consumers can also order
payment of specific bills by phone.

4. Business Information Systems

Information System: Information System (IS) is a combination of people,
hardware, software, communication devices, network and data resources. The
main aim and purpose of each information system is to convert data into
information which is useful and meaningful.

Components of Information System

(i) People, hardware, software, and data are four basic resources of
information systems;

(ii) Human resources consist of end users and IT specialists; hardware
involves machines and media; software resources consist of programs
and procedures; and data resources include data, model;

(iii) A process is used to convert data into information for end users;

(iv) Information processes consist of input, processing, output, storage,
and control processes.

Who uses Information Systems?

Strategic Level: These are senior managers or top-level managers who hold
titles such as Chief Executive Officer, Chief Financial Officer, Chief Operational
Officer etc., and who take decisions that will affect the whole organization. Top
Managers do not direct the day-to-day activities of the firm; rather they set goals for
the organization and direct the company to achieve them.

Management Level: These are Middle Managers who are in the levels below top
managers and hold job titles like General Manager, Regional Manager etc.
Middle-level Managers are responsible for carrying out the goals set by Top
Management. Because Middle Managers are more involved in the day-to-day
workings of a company, they may provide valuable information to Top Managers
to help improve the performance of an organization.

Knowledge Level: These include knowledge and data workers who are selected,
recruited and trained in a different manner from the non-knowledge workers. The
knowledge resides in the heads of knowledge workers and these are the most
precious resource an organization possesses.

Operational Level: These include Operational Managers or supervisors who are
responsible for the daily management of the line workers who actually produce
the product or offer the service. These are the managers that most employees
interact with on a daily basis, and if the managers perform poorly, employees may
also perform poorly, may lack motivation, or may leave the company.

Types of Information Systems

Strategic Level Systems: For strategic managers to track and deal with strategic
issues, assisting long-range planning. A principal area is tracking changes in the
external conditions (market sector, employment levels, share prices, etc.) and
matching these with the internal conditions of the organization.

Management-Level Systems: Used for the monitoring, controlling, decision-
making, and administrative activities of middle management. Some of these
systems deal with predictions or “what if…” type questions, e.g. “What would
happen to our profits if the completion of the new production plant was delayed
by 6 months?” Tracking current progress in accord with plans is another major
function of systems at this level.

Knowledge-Level Systems: These systems support knowledge and data workers in
discovering, processing and storing knowledge. They further control the flow of
paperwork and enable group working.

Operational-Level Systems: Support operational managers tracking elementary
activities. These can include tracking customer orders, invoice tracking, etc.
Operational-level systems ensure that business procedures are followed.

Transaction Processing System (TPS)

A transaction processing system (TPS) is an information system that captures and
processes data generated during an organization’s day-to-day transactions. A
transaction is a business activity such as a deposit, payment, order or reservation.

Most Transaction Processing Systems include one or more of the following
attributes:

Access Control - TPS: Most Transaction Processing Systems come with access
control to restrict use to only those users allowed to do so. Access
control ensures that people who are not authorized to use the system are not
permitted to influence or modify the transaction process.

Equivalence - TPS: Transactions are processed in the same format every time
to ensure that full effectiveness is achieved. The TPS interfaces are designed to
capture identical data for each transaction, regardless of the source.

High Volume Rapid Processing - TPS: In most transaction processing, the
foremost issue is speed. The instant processing of transactions is important
to the success of certain industries such as banking. A TPS is designed to process
transactions immediately to make sure that the transaction data is
available to other users or processes that require it.

Trustworthiness - TPS: A TPS is designed to be robust and trustworthy.
The system is able to process transactions very rapidly yet at the same time
conduct several checks to make certain that data integrity is preserved.

Transactions Processing Qualifiers: In order to qualify as a TPS, transactions
made by the system must pass the ACID Test. The ACID Test refers to the following
four prerequisites as discussed below:

Atomicity: This means that a transaction is either completed in full or not
at all. TPS systems ensure that transactions take place in their entirety. For
example, if funds are transferred from one account to another, this only
counts as a bona fide transaction if both the withdrawal and deposit take
place. If one account is debited and the other is not credited, it does not
qualify as a transaction.

Consistency: TPS systems exist within a set of operating rules (or integrity
constraints). If an integrity constraint states that all transactions in a database
must have a positive value, any transaction with a negative value would be
refused.

Isolation: Transactions must appear to take place in seclusion. For example,
when a fund transfer is made between two accounts the debiting of one and
the crediting of another must appear to take place simultaneously. The funds
cannot be credited to an account before they are debited from another.

Durability: Once transactions are completed they cannot be undone. To
ensure that this is the case even if the TPS suffers failure, a log will be created
to document all completed transactions.
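
The fund-transfer case used above for atomicity and consistency can be reproduced with a real transactional store. This is an added example, not part of the original notes: SQLite stands in for a TPS database, and the table names, account names and the transfer helper are assumptions.

```python
import sqlite3


def open_bank():
    """Constructed sample data: two accounts in an in-memory SQLite database."""
    # isolation_level=None puts the driver in autocommit mode, so the explicit
    # BEGIN / COMMIT / ROLLBACK statements below control each transaction.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute(
        "CREATE TABLE accounts ("
        " id TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"  # integrity constraint
    )
    db.execute(
        "CREATE TABLE txn_log ("
        " seq INTEGER PRIMARY KEY AUTOINCREMENT,"
        " src TEXT NOT NULL, dst TEXT NOT NULL, amount INTEGER NOT NULL)"
    )
    db.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    return db


def _update_one(db, sql, amount, account):
    """Run a balance update and insist that exactly one account row was changed."""
    cur = db.execute(sql, (amount, account))
    if cur.rowcount != 1:
        raise LookupError(account)


def transfer(db, src, dst, amount):
    """Move `amount` from src to dst as one transaction; return True on commit."""
    # Consistency: only positive transaction values between distinct accounts.
    if not isinstance(amount, int) or amount <= 0 or src == dst:
        return False
    # Isolation: BEGIN IMMEDIATE takes the write lock, so other connections to a
    # shared database never observe the credit without the matching debit.
    db.execute("BEGIN IMMEDIATE")
    try:
        # Credit first on purpose, so a failing debit shows the credit being undone.
        _update_one(db, "UPDATE accounts SET balance = balance + ? WHERE id = ?", amount, dst)
        _update_one(db, "UPDATE accounts SET balance = balance - ? WHERE id = ?", amount, src)
        # The log row is part of the same transaction: it exists only if both
        # balance updates committed.
        db.execute("INSERT INTO txn_log (src, dst, amount) VALUES (?, ?, ?)", (src, dst, amount))
        # Durability: on a file-backed database COMMIT persists the change;
        # the in-memory database here is for demonstration only.
        db.execute("COMMIT")
        return True
    except (sqlite3.IntegrityError, LookupError):
        # Atomicity: an overdraft (CHECK failure) or unknown account undoes everything.
        db.execute("ROLLBACK")
        return False


def balances(db):
    return dict(db.execute("SELECT id, balance FROM accounts ORDER BY id"))


def log_rows(db):
    return db.execute("SELECT src, dst, amount FROM txn_log ORDER BY seq").fetchall()


if __name__ == "__main__":
    bank = open_bank()
    print(transfer(bank, "alice", "bob", 30), balances(bank))    # commits
    print(transfer(bank, "alice", "bob", 500), balances(bank))   # overdraft, rolled back
    print(transfer(bank, "alice", "carol", 10), balances(bank))  # unknown payee, rolled back
    print(log_rows(bank))                                        # only the committed transfer
```
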

Office Automation Systems (OAS)

The expression Office Automation refers to the use of computer and
software to digitally generate, collect, store, manipulate, and relay office
information needed for accomplishing basic tasks and goals.

The Office Automation System (OAS) is an amalgamation of hardware, software, and
other resources used to smooth the progress of communications and improve
efficiency in an organization.

An Office Automation Model consists of:

(a) Information and communication

(b) Computer and non-computer applications

(c) "Other problem solvers"

- Internal

- Environmental

Knowledge Management System (KMS)

Knowledge Management Systems (KMS) refer to any kind of IT system that stores
and retrieves knowledge, locates knowledge sources, and uses knowledge in some
or other way to enhance the KM process.

There are two broad types of knowledge—Explicit and Tacit

Explicit knowledge is that which can be created and stored easily and as a
consequence is easily available across the organization. Explicit knowledge is easy to
communicate, store, and distribute and is the knowledge found in books, on the web, and
other visual and oral means. The most common forms of explicit knowledge are manuals,
documents, procedures, and how-to videos. Knowledge also can be audio-visual.

Tacit knowledge, on the other hand, resides in a few or in just one person and
hasn’t been captured by the organization or made available to others. It is the
hidden vast storehouse of knowledge held by practically every normal human being,
based on his or her emotions, experiences, insights, intuition, observations and
internalized information. It is this tacit knowledge that differentiates between
organizations in tough times, and hence provides the strategic edge to any
organization.

Importance of Knowledge Management

Knowledge is a sum total of “What everybody knows” about the community world.
It is a gathering of values, wisdom, education, experience, morals. The difference
between the normal and the abnormal handling of any task, process or interaction,
whether between employees, with the customers or with any other stakeholder of
the firm, has always been made possible with the use of knowledge.

A few factors that describe the importance of Knowledge Management are:

Altering Business surroundings: Previously the business environment used to be a
stable one, so the people of any organization naturally became knowledgeable over
time. They absorbed and shared knowledge about the company’s products and services,
its market, customers, competitors and suppliers. But now rapid change means
speedy knowledge obsolescence, so there is a need to manage it before it disappears
without leaving a trace.

Globalization: It is putting pressure on firms for innovation, as markets are now
fast changing and competition is stiff. The meaning of goods and services
has changed. Now companies have started selling knowledge as well. For a
research lab or software firm, not managing knowledge is similar to Wal-Mart not
managing inventory.

Difference between Information and Knowledge

1. Information is “what is” while knowledge is “what works.”
2. Information is “know what” while knowledge is “know-how.”
3. Information that helps achieve an action better is knowledge. To a doctor,
most of the contents of a daily newspaper are basically information: interesting
but not helpful. Whereas a piece of writing from a medical periodical that
improves her capability to make a treatment or become aware of a recently
discovered disease is knowledge.

Management Information System (MIS)

We all know that information is a vital factor for our existence. Just as our body
needs air, water and clothes, we are as much dependent upon information.

The term ‘Management Information System’ (MIS) refers to the data, equipment and
computer programs that are used to develop information for managerial use.

As the internet has developed, all of the foremost MIS solutions have now been
written to be accessed via web browsers.

Developing MIS – Dos And Don’ts:

No.  Item                      Do                                      Don't
1    Layman                    Have simpler and manageable system      Don't be ambitious
2    Bridging                  Develop common understanding between    Don't be unrealistic in developing
                               consultant and the organization         action plan
3    Contribution in Totality  Involve programmer in needs             Don't delay decisions on hiring
                               assessment                              application developers
4    Tailor-made               Customize software                      Depend heavily on the Consultant
5    Interpretation            Have simple software for users to       Don't invest heavily in in-house
                               handle                                  application development

Some Examples of MIS

o Airline reservations (seat, booking, payment, schedules, boarding list,
special needs, etc.)

o Bank operations (deposit, transfer, withdrawal) electronically with
distinct payment gateways

o Logistics management application to streamline the transportation
system

o Train reservation with the help of IRCTC

Decision Support Systems (DSS)

Decision Support Systems (DSS) are a specific class of computerized information
system that supports business and organizational decision-making activities.

DSS can be extremely beneficial to any organization’s overall performance.
However, DSS can also be the cause of great confusion, misperception and even
inaccurate analysis – these systems are not designed to eliminate “bad” decisions.

DSS has four basic components:

(a) The user: The user is usually a manager with a problem to solve and may be
at the management level of an organization.
(b) One or more databases: Databases contain both routine and non-routine
data from both internal and external sources.
(c) Planning languages: Planning languages can either be general-purpose or
special-purpose allowing users to perform routine tasks and specific tasks
respectively.
(d) Model Base: Model base is the brain of the DSS as it performs data
manipulations and computations with the data provided to it by the user
and the database. The planning language in DSS allows the user to maintain
a dialogue with the model base.

Advantages/Need of DSS:

• Create data models and “what if” scenarios


• Time Savings
• Improve Employee Efficiency
• Competitive Advantage
• Increase Organisational Control

Executive Information Systems (EIS)

Early executive information systems were developed as computer-based programs on
mainframe computers to provide a company’s description, sales performance and/or
market research data for senior executives. However, senior executives were not all
computer literate or confident. Moreover, EIS data was only supporting executive-level
decisions but not necessarily supporting the entire company or enterprise.

Current EIS data is available company- or enterprise-wide, facilitated by personal
computers and workstations on local area networks (LANs). Employees can access
company data to help decision-making in their individual workplaces, departments,
divisions, etc. This allows employees to provide pertinent information and ideas both
above and below their company level.

The typical information mix presented to the executive may include financial
information, work in process, inventory figures, sales figures, market trends,
industry statistics, and market price of the firm's shares. It may even suggest what
needs to be done, but differs from a Decision Support System (DSS) in that it is
targeted at executives and not managers.

Alternative names of EIS are Enterprise Information Systems or Executive Support
Systems (ESS).

Components of an EIS

Hardware: Includes Input data-entry devices, CPU, Data Storage files and Output
Devices.

Software: Includes Text base software, Database, and Graphic types such as time
series charts, scatter diagrams, maps.

User Interface: Several types of interfaces can be available to the EIS structure, such
as scheduled reports, questions/answers, menu driven etc.

Telecommunication: Involves transmitting data from one place to another in a
reliable networked system.

Specialized Systems
Enterprise Resource Planning (ERP)

Enterprise Resource Planning (ERP) systems integrate internal and external
management information across an entire organization, taking on
finance/accounting, manufacturing, sales etc. ERP systems automate this activity
with an integrated software application.

ERP Stages:-

Stage – 1 Inventory Control: It is the supervision of supply, storage of items in order
to make certain a sufficient supply without excessive oversupply.

Stage – 2 ABC Analysis: ABC analysis is that technique of material control in which
we divide our material into three categories and investment is done according to
the value and nature of that category’s materials.

Stage – 3 Economic Order Quantity (EoQ): EoQ is used as part of inventory
system in which the level of inventory is scrutinized at all times and is ordered
each time the inventory level reaches a particular reorder point.

Stage – 4 Just-In-Time (JIT): JIT is a philosophy of continuous improvement in which
non-value-adding activities (or wastes) are identified and removed.

Stage – 5 Material Requirement Planning (MRP – I): Material requirements
planning (MRP) is a production planning to ensure that materials are available for
production.

Stage – 6 Manufacturing Resource Planning - II (MRP – II): It is defined as a method
for the valuable planning of all resources of a manufacturing company.

Stage – 7 Distribution Resource Planning (DRP): DRP is a method used in business
administration for planning orders within a supply chain. DRP enables the user to
set certain inventory control parameters (like a safety stock).

Stage – 8 Enterprise Resource Planning: ERP takes a customer order and provides a
software road map for fulfilling the order.

Stage – 9 Money Resource Planning (MRP-III): This has more emphasis on planning
of capital or managing the situation when surplus money arises.

Stage – 10 EIS-Web Enabled: Web browser software is the cheapest and simplest
client software for an EIS. Web enabled EIS is a final step in this direction.

Customer Relationship Management (CRM)

A. CRM may be defined as a business process in which client relationships,
customer loyalty and brand value are built through marketing strategies and
activities.

Analytical CRM Definition:

CRM Equation              Customer Relationship Management =
                          Customer Understanding + Relationship Management
Customer Understanding    Analysis of customer data to gain deep understanding
                          down to the level of individual
Relationship Management   Interaction with the customer through various channels
                          for various purposes
Analytical CRM            Use customer understanding to perform effective
                          relationship management

Benefits of CRM:

• Generating customer loyalty


• Preserving existing customers
• Gaining competitive advantage

Supply Chain Management (SCM)

In simple terms, SCM is a chain that starts with customers and ends with
customers. Supply Chain Management may be defined as the process of planning,
implementing and controlling the operations of the supply chain with the purpose
of satisfying the customer's requirement as efficiently as possible.

Components of SCM:

Procurement/Purchasing - begins with the purchasing of parts, components,
or services. Procurement must ensure that the right items are delivered in the
exact quantities at the correct location on the specified time schedule at
minimal cost.

Operations - The second major element of supply chain management system is
operations. Having received raw materials, parts, components, assemblies, or
services from suppliers, the firm must transform them and produce the products
or the services.

Distribution - Distribution involves several activities: transportation (logistics),
warehousing, and customer relationship management (CRM).

Integration - The last element of supply chain management is the need for
integration. It is critical that all participants in the service chain recognize the
entirety of the service chain.

Relationship between ERP, CRM and SCM:

CRM and SCM are two categories of enterprise software that are widely
implemented in corporations and non-profit organizations. While the primary goal
of ERP is to improve and streamline internal business processes, CRM attempts to
enhance the relationship with customers and SCM aims to facilitate the
collaboration between the organization, its suppliers, the manufacturers, the
distributors and the partners.

Human Resource Management Systems (HRMS)

People are the most valuable asset of an enterprise. A Human Resources
Management System (HRMS) is a software application that groups many human
resources functions, including benefits administration, payroll, recruiting
and training, and performance analysis and assessment, into one package.

Key Integration Points:

• Workforce Management: Workforce Management provides powerful tools to
effectively manage labour rules, ensure compliance, and control labour costs
and expenses.
• Time and Attendance Management: The time and attendance module gathers
standardized time and work related efforts.
• Payroll Management: This module of the system is designed to automate
manual payroll functions, facilitate the calculation of salary, deductions etc.,
and eliminate errors.
• Recruitment Management: This module helps in hiring the right people with
the right target skills. This module includes processes for managing open
positions/requisitions, applicant screening, assessments, selection and hiring
etc.
• Training Management: Training programs can be entered with future dates
which allow managers to track progress of employees through these programs.

Core Banking System (CBS)

CORE stands for "Centralized Online Real-time Environment". The various elements
of core banking include:

• Calculating interest
• Managing customer accounts
• Processing cash deposits and withdrawals
• Processing payments and cheques

Core Banking System may be defined as the set of basic software components that
manage the services provided by a bank to its customers.

Normal core banking functions will include deposit accounts, loans,
mortgages and payments. Banks make these services available across
multiple channels like ATMs, Internet banking, and branches.

Examples of major core banking products include Infosys’ Finacle, Nucleus FinnOne
and Oracle's Flexcube application.

(A) Infosys’ Finacle

The key modules of Finacle are:

• Enterprise customer information: This module enables banks to create and
maintain a single source of customer information and files that can be
accessed from multiple systems.
• Consumer banking: Offerings such as savings and checking accounts, and
provision for personal and auto finance are easily supported.
• Corporate banking: This includes commercial lending essentials such as
multicurrency disbursements and repayments, flexible and varied interest
rate setup, commitment fee setup, crystallization, amortization, and debt
consolidation.
• Wealth management: This creates new revenue streams by offering high net
worth individuals
• Trade finance: This module presents an end-to-end solution for the trade
finance needs of a bank and is fully integrated with the payment system and
exchange rate setup.
• Islamic banking: This module offers a flexible and varied feature repertoire
for banks to design and deploy products for varying market segments, based
on different Islamic concepts.

(B) Nucleus FinnOne: The Nucleus FinnOne banking suite, made and
marketed by India-based Company Nucleus software, comes with a wide variety
of applications that cover different aspects of global web banking. These
applications include:

• A loan origination system that automates and manages the processing of
many types of loans,
• A credit card application system with strong credit and fraud detection tools
and

FinnOne is a web-based global banking product designed to support banks
and financial solution companies in dealing with assets, liabilities, core
financial accounting and customer service.

(C) Oracle's FLEXCUBE: Oracle FLEXCUBE helps banks transform their
business model from disparate operations towards centralization of key
functions, such as accounting, customer information, and management
information.

A few special features are:

• Track their pending activities
• Get insights into customer information
• Improved bank staff productivity
• Improved risk management
• Straight-Through-Processing (STP) capabilities.

Accounting Information System (AIS)

An accounting information system combines traditional accounting practices such as
the Generally Accepted Accounting Principles (GAAP), Accounting Standards with modern
information technology resources.

Key components of Accounting Information System:

 People: AIS helps various system users that include accountants, consultants,
business analysts, managers, chief financial officers and auditors etc. from
different departments within a company to work together.
 Procedure and Instructions: These include the methods for collecting,
storing, retrieving and processing data.
 Data: Refers to the information related to the organization, such as invoices
etc.
 Software: It is the computer program that provides the facility to store and access
data.
 Internal Controls: These are security measures, which may be as simple as passwords or as
complex as biometric identification.

Benefits of AIS:

 Transforms data into information.
 Trouble free paper-and-pencil system
 Improves employee efficiency.
 Makes sure that entity’s resources are available when needed.

Artificial Intelligence

Artificial intelligence is the branch of computer science concerned with making
computers behave like humans.

Although AI has been studied for more than half a century, we still cannot make a
computer that is as intelligent as a human in all aspects.
In some cases, a computer outfitted with AI technology can be even more
intelligent than us. The Deep Blue system, which defeated the world chess
champion, is a well-known example.

Expert systems, pattern recognition, natural language processing, and many others
are some of the purposes to which AI may be applied.

Expert System

A computer application that performs a task that would otherwise be performed by a
human expert. For example, there are expert systems that can diagnose human illnesses,
make financial forecasts, and schedule routes for delivery vehicles.

Components of an Expert System:

a) Knowledge Base: This includes the data, knowledge, relationships, rules of
thumb, and decision trees used by experts to solve a particular problem.
b) Inference Engine: This program contains the logic and reasoning mechanisms
that simulate the expert logic process and deliver advice.
c) User Interface: This program allows the user to design, create, update, use
and communicate with the expert system.
d) Explanation facility: This facility provides the user with an explanation of the
logic the ES used to arrive at its conclusion.
e) Database of Facts: This holds the user's input about the current problem.

Types of Expert Systems:

 In an example-based system, developers enter the case facts and results, which
are used to match the case at hand with those previously entered in the
knowledge base.
 Rule-based systems are created by storing data and decision rules as
if-then rules. The system asks the user questions and applies the if-then rules
to the answers to draw conclusions and make recommendations.
 Frame based systems organize all the information (data, description, rules
etc.) about a topic into logical units called frames, which are similar to
linked records in data files.

Business Intelligence

The term business intelligence (BI) represents the tools and systems that play a key role in
the strategic planning process of the corporation. These systems allow a company to
gather, store, access and analyze corporate data to aid in decision-making.

Business Intelligence Tools:

 Simple Reporting and Querying: This involves using the data warehouse
to get response to the query: “Tell me what happened.” The objective of
a BI implementation is to turn operational data into meaningful
knowledge.

 Business Analysis: This involves using the data to get response to the
query: “Tell me what happened and why.” Business analysis allows the
user to plot data in row and column coordinates to further understand
the intersecting points.

 Dashboards: This involves using the information gathered from the data
warehouse and making it available to users as snapshots.

 Scorecards: Scorecards offer a rich, visual measurement to display the
performance of specific initiatives, business units, or the enterprise as a
whole and the individual goals.
 Data Mining or Statistical Analysis: This involves using statistical,
artificial intelligence, and related techniques to mine through large
volumes of data and providing knowledge without users even having to
ask specific questions.

Business Reporting through MIS and IT

Benefits for micro-businesses and small to medium enterprises

 Paperless lodgement - eliminates the hassle of paper work and
associated costs;
 Electronic record keeping – stores the reports securely in the
accounting or bookkeeping system;
 Pre-filled forms - reports are automatically pre-filled with information
existing in the accounting or bookkeeping system.
 Ease of sharing - between client, accountant, tax agent or bookkeeper
for checking;
 Same-time validation - receive a fast response that any lodgement has
been received.

Benefits for large business

 A single reporting language to report to government: eXtensible
Business Reporting Language (XBRL) - an international standards-based
business reporting language developed by accountants for
financial reporting;
 Reduce costs - reduction in the cost of assembling, analyzing, and
providing data to government;
 Streamline the process of aggregating data - Opportunities exist for
streamlining the process of aggregating data across different internal
departments, or business units of a company;
 Same-time validation - rapid response that any lodgement has been
received.

Importance of Access and Privilege Controls

In order to safeguard software systems, procedures are developed and
implemented for protecting them from unauthorized access.

The functions are as follows:

 Identity Management: Identity management consists of one or more
processes to verify the identity of a subject/person attempting to access an
object. However, it does not provide 100 percent assurance of the subject’s
identity.
 Authorization: Once a resource or network verifies a subject’s identity, the
process of determining what objects that subject can access begins.
Authorization identifies what systems, network resources, etc. a subject can
access.
 Accountability: Each step from identity presentation through authentication
and authorization is logged.

Approaches to Access Control

 Role-based Access Control (RBAC): Each person/subject is given a particular
role and certain rights and permissions. When an employee changes jobs, all
previous access is removed, and the rights and permissions of the new role
are assigned.
 Rules-based Access Control (RAC): RAC differs from RBAC methods because
it is largely context-based. RAC places certain rules based on a user’s role. A
manager, for example, has the ability to approve his/her employees’ hours
worked. However, when s/he attempts to approve his/her own hours, a rule
built into the application compares the employee record and the user, sees
they are the same, and temporarily removes approval privilege.
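
The two approaches above can be combined in one check, shown here as an added example that is not part of the original notes: the role grants the approval right (RBAC), context rules then compare the approver with the employee record (RAC), and every decision is logged for accountability. The role names, user names and the reports_to table are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed role table; role and permission names are hypothetical.
ROLE_PERMISSIONS = {
    "employee": {"submit_hours"},
    "manager": {"submit_hours", "approve_hours"},
}

@dataclass
class AccessController:
    user_roles: dict = field(default_factory=dict)  # user -> single current role
    reports_to: dict = field(default_factory=dict)  # employee -> manager (assumed HR data)
    audit_log: list = field(default_factory=list)   # accountability: every step is logged

    def assign_role(self, user, role):
        """RBAC job change: the new role replaces the old one, so old rights are removed."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        previous = self.user_roles.get(user)
        self.user_roles[user] = role
        self.audit_log.append(("assign_role", user, previous, role))

    def can_approve_hours(self, approver, owner):
        """Role check first (RBAC), then context rules on the record itself (RAC)."""
        role = self.user_roles.get(approver)
        if "approve_hours" not in ROLE_PERMISSIONS.get(role, set()):
            allowed, reason = False, "role lacks approve_hours"
        elif approver == owner:
            allowed, reason = False, "rule: approver is the employee on the record"
        elif self.reports_to.get(owner) != approver:
            allowed, reason = False, "rule: employee does not report to approver"
        else:
            allowed, reason = True, "role and rules satisfied"
        self.audit_log.append(("approve_hours", approver, owner, allowed, reason))
        return allowed

def demo():
    ac = AccessController()
    ac.assign_role("asha", "manager")
    ac.assign_role("ravi", "employee")
    ac.reports_to["ravi"] = "asha"
    results = [
        ac.can_approve_hours("asha", "ravi"),  # manager approving a report
        ac.can_approve_hours("asha", "asha"),  # manager approving own hours
        ac.can_approve_hours("ravi", "asha"),  # employee role has no approval right
    ]
    ac.assign_role("asha", "employee")         # job change removes manager rights
    results.append(ac.can_approve_hours("asha", "ravi"))
    return results, ac.audit_log

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

Denied attempts are logged along with granted ones, which is what lets a reviewer see a self-approval attempt after the fact.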

5. Business Process Automation through Application Software
The meaning of Business Application can be best understood by dividing the set
of words into their constituents. Business is defined as a person’s regular
occupation or commercial activity, a person’s concern. Application, in terms of
computers, is defined as a computer program to fulfill a particular purpose.

Types of Business Applications on Logical Basis:

 Nature of processing: This is the way an application updates data, for example
batch-processing, real-time processing.
 Source of application: It tells the source from where the application is bought, for
example purchased (Tally), developed in-house.
 Nature of business: This classification is based on the users for whom the
application has been developed. For example, for large businesses, small
businesses etc.
 Functions covered: A business application may be classified based on business
function it covers. For example DSS, MIS, KIS etc

Steps to Develop BPA

(i) Step 1: Define why we plan to implement a BPA?

 Errors in manual processes leading to higher costs.
 Poor debtor management leading to poor cash flow.
 Poor customer service.

(ii) Step 2: Understand the rules / regulations which the enterprise needs to comply
with?

This is established by a combination of internal corporate policies, external
industry regulations and local, state, and central laws.

(iii) Step 3: Document the process we wish to automate:

 What documents need to be captured?
 Can there be a better way to do the same job?

(iv) Step 4: Define the objectives/goals to be achieved by implementing BPA

When determining goals, remember that goals need to be SMART:

 Specific: Clearly defined
 Measurable: Easily quantifiable in monetary terms
 Attainable: Achievable through best efforts
 Relevant: Entity must be in need of these, and
 Timely: Achieved within a given time frame.

(v) Step 5: Engage the business process consultant

 Consultant should have experience with the entity's business process.
 Consultant should be experienced in resolving critical business issues.

(vi) Step 6: Calculate the RoI for project

 Cost Savings, being clearly computed and demonstrated.
 Savings in employee salary

(vii) Step 7: Developing the BPA

 Once the requirements have been documented, ROI has been computed and
top management approval to go ahead has been received, BPA is
developed.

(viii) Step 8: Testing the BPA

 Once developed, it is important to test the new process to determine how
well it works.

Applications that help entity to achieve BPA (2 x 2 Marks):

TALLY:

 It is ERP software, which allows an entity to integrate its business
processes.
 ERP stands for Enterprise Resource Planning
 It is an accounting application that helps entity to automate processes
relating to accounting of transactions.
 The latest version has been upgraded to help user achieve TAX
compliances also.
 It has features such as Remote Access Capabilities
 This is used by most of the small enterprises across the world

SAP:

 It is ERP software, which allows an entity to integrate its business
processes.
 ERP stands for Enterprise Resource Planning
 It has the features such as time management, reporting, budget
monitoring etc
 This is used by most of the large enterprises across the world

Attendance Systems:

 Many attendance automation systems are available in the market.
 The application helps entity to automate the process of attendance
tracking
 It has features such as supervisor login access, holiday pay settings etc

Vehicle Tracking System:

 A lot of applications have been developed that allow entity to track their
goods while in transit.
 It has features such as GPS based location, GPRS connections.
 Information is also sent through SMS & e-mail notifications
 On-board memory to store location inputs during times when GPRS is not
available or cellular coverage is absent

Automated Toll Collection Systems:

 As India progresses through creation of the golden quadrilateral project,
many toll booths have been built to collect tolls.
 Many toll booths allow users to buy pre-paid cards, where user need not
stop in lane to pay toll charges, but just swipe / wave the card in front of a
scanner.
 It has features such as automatic vehicle identification system (based on
in-road sensors), license plate recognition, zoom capability on captured
images

Department Stores Systems:

 There has been huge development in the retail sector in India.
 Two critical elements for managing departmental stores have been
automated in India; they include the billing processes and inventory
management.

Travel Management Systems:

 Many business processes specific to this industry have been automated,
including ticket booking for air, bus, train, hotel, etc.
 It has features such as, ‘safe return’ process for people tracking, traveler
portal for up to date information, online retrieval of e-tickets, management
of entry visas & medical requirements.

Educational Institute Management Systems:

 India probably produces maximum number of engineers, doctors, MBAs
and CAs across the world.
 A lot of automation has been achieved, including student tracking and
record keeping.
 ICAI itself is a good example of this automation. A student, based on
his/her registration number, can file many documents online, including
exam forms.

Delivery Channels
Delivery channels for information include:

 E-mail: The most widely used delivery channel for information today
 Social networking sites, like Facebook, WhatsApp, etc.
 Intranet: Network within the company/enterprise

Information Delivery Channel: How to choose one?

 More than just the intranet: Staff will (and should) use whichever methods
are easiest and most efficient to obtain information.
 Understand staff needs & environment: This includes which systems
staff use, their level of PC access, their amount of computer knowledge.
 Traditional channels need to be formalized: Instead of attempting to
eliminate existing information sources in favour of the intranet, it may be
more beneficial to formalize the current practices.

Controls in BPA

Control Objectives:

 Authorization - ensures that all transactions are approved by responsible
personnel.
 Completeness - ensures that no valid transactions have been omitted from
the accounting records.
 Accuracy - ensures that all valid transactions are accurate
 Validity - ensures that all recorded transactions fairly represent the
economic events that actually occurred
 Physical Safeguards and Security - ensures that access to physical assets and
information systems is controlled

Application Controls and their Types:

(i) Boundary Controls: The major controls of the boundary system are the
access control mechanisms. Boundary control techniques include:
 Cryptography: There are programs that transform data into codes
that appear meaningless to anyone who does not possess the
authentication/authorization.
 Passwords: User Identification through personal characters like
name, birth date etc.
 Personal Identification Numbers (PIN): The personal identification
number is similar to a password assigned to a user. The application
generates a random number.
 Identification Cards: These are cards that are used to identify a user.

(ii) Input Controls: These are responsible for ensuring the accuracy and
completeness of data that are input into the computer. Input control
techniques are:
 Data Coding Controls: These controls are put in place to reduce user
error during data feeding. A few types of errors include:
 Addition: Addition of an extra character in a code, e.g. 12345
coded as 712345;
 Truncation: Omission of characters in the code, e.g. 12345
coded as 2345;
 Batch Controls: These controls are put in place at locations where
batch processing is being used. Batch processing is where there is
a time gap between occurrence and recording of transactions, that
is, transactions are not recorded at the time of occurrence but are
accumulated and a set (based on number/ time) is processed.
 Validation Controls: These controls validate the
accuracy/correctness of input data. For example, no pay where
there is sick leave, physical balance can never go below zero, etc.

(iii) Process Controls: Data processing controls perform checks to identify
errors during processing of data.
 Exception Reports: Exception reports are generated to
identify errors in data processed.
 Reasonableness Verification: Two or more fields can be
compared and cross verified to ensure their correctness. For
example, the statutory percentage of provident fund can be
calculated on the gross pay amount to verify if the provident
fund contribution deducted is accurate.

(iv) Output Controls: Output controls ensure that the data is delivered to users
correctly.
 Storage and Logging of Sensitive and Critical Forms: Pre-printed
stationery should be stored securely to prevent unauthorized
destruction or removal and usage.
 Controls over Printing: It should be ensured that unauthorized
disclosure of information printed is prevented. Users must be trained to
select the correct printer.
 Retention Controls: Retention controls consider the duration for
which outputs should be retained before being destroyed.
 Existence/Recovery Controls: These controls are needed to
recover output in the event that it is lost or destroyed.
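
The input and process controls listed above, as an added example that is not part of the original notes: a payroll batch is checked against its batch control totals, each record goes through validation controls and a provident fund reasonableness check, and the failures are collected into an exception report. The batch, its field names and the 12% rate are constructed assumptions; substitute the statutory rate that applies.

```python
from decimal import Decimal

PF_RATE = Decimal("0.12")  # ASSUMED rate for illustration, not taken from the notes

# Constructed sample batch. The header holds control totals prepared before data entry;
# here one record of 20000.00 was lost between preparation and entry.
BATCH = {
    "header": {"record_count": 5, "gross_total": Decimal("117000.00")},
    "records": [
        {"emp": "E001", "gross": Decimal("30000.00"), "pf": Decimal("3600.00"),
         "on_sick_leave": False, "balance": 5},
        {"emp": "E002", "gross": Decimal("25000.00"), "pf": Decimal("2500.00"),
         "on_sick_leave": False, "balance": 3},
        {"emp": "E003", "gross": Decimal("22000.00"), "pf": Decimal("2640.00"),
         "on_sick_leave": True, "balance": 2},
        {"emp": "E004", "gross": Decimal("20000.00"), "pf": Decimal("2400.00"),
         "on_sick_leave": False, "balance": -1},
    ],
}

def batch_control(batch):
    """Batch control: record count and gross total must match the header."""
    hdr, recs, found = batch["header"], batch["records"], []
    if len(recs) != hdr["record_count"]:
        found.append(("BATCH", "batch",
                      f"expected {hdr['record_count']} records, got {len(recs)}"))
    total = sum((r["gross"] for r in recs), Decimal("0"))
    if total != hdr["gross_total"]:
        found.append(("BATCH", "batch",
                      f"gross total {total} != control total {hdr['gross_total']}"))
    return found

def validation_control(rec):
    """Validation controls mirroring the two examples given in the text."""
    found = []
    if rec["on_sick_leave"] and rec["gross"] > 0:
        found.append((rec["emp"], "validation", "pay recorded for a sick-leave record"))
    if rec["balance"] < 0:
        found.append((rec["emp"], "validation", "balance below zero"))
    return found

def reasonableness_control(rec):
    """Reasonableness: recompute PF from gross pay and compare with the deduction."""
    expected = (rec["gross"] * PF_RATE).quantize(Decimal("0.01"))
    if rec["pf"] != expected:
        return [(rec["emp"], "reasonableness", f"PF {rec['pf']}, expected {expected}")]
    return []

def exception_report(batch):
    """Exception report: every failed control as (source, control, message)."""
    report = batch_control(batch)
    for rec in batch["records"]:
        report += validation_control(rec) + reasonableness_control(rec)
    return report

if __name__ == "__main__":
    for line in exception_report(BATCH):
        print(line)
```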

Emerging Technologies
 Grid Computing is a computer network in which each computer's
resources are shared with every other computer in the system.

A grid computing system can be as simple as a collection of similar
computers running on the same operating system.

Why do we need Grid Computing?

 An insurance company mines data from partner hospitals for fraud
detection.
 Large-scale science and engineering are done through the interaction
of people from different geographies.

 Network Virtualization treats all servers and services in the network as a
single pool of resources that can be accessed without regard for its physical
components. The term network virtualization is often used to describe many
things including storage virtualization, and even grid computing.
